Sramana Mitra: Are you selling directly to enterprise CIO’s or are you an OEM into a Cisco, for instance? How do you go to market?
Ethan Schmertzler: We, almost always, go directly to CIO’s and CTO’s of large institutions because they’re trying to make users’ lives easier and more efficient, but they confront the security concerns of these open networks. We often get integrated directly with the institution.>>>
In this interview, Ethan discusses Moving Target Networks, a cyber defense technology. The company does about $10M ARR.
Sramana Mitra: Let’s start by introducing our audience to yourself as well as to Dispel.
Ethan Schmertzler: I’m the CEO and one of the Co-Founders of Dispel, which is a cyber security and cyber defense firm that was founded in 2015. It’s based in New York City and Washington DC.>>>
Dafina Toncheva, Partner at US Venture Partners, is an expert in Cyber Security. We discussed a variety of topics including the shifting of Series A metrics to $2M-$3M ARR for SaaS companies.
Sramana Mitra: Let me see if I understood that. How do you work with board members? Is it a Board that has a dashboard about that company’s risk that you’re providing?
Tom Turner: What we often see from our customers is they will use BitSight’s rating in the following form. A company will use its own rating and compare it to a competitive set or peer organizations. That’s a way to be able to set up any security or risk discussion that they’re having with the Board.
Sramana Mitra: I see. It’s a peer group rating comparison that helps the security and governance committee of the Board to assess where the company stands with respect to security risk. >>>
Sramana Mitra: Interesting. What level of penetration do you have? How many companies are you rating in this mode?
Tom Turner: We rate around 120,000 enterprises around the globe. Those ratings are consumed by about 1,200 global customers that use BitSight in one of our use cases around third-party risks. That’s looking at vendors in their supply chain, applicants to cyber-insurance and also being able to look at their own rating performance in the context of competition or key benchmark that they use.
Sramana Mitra: Who are your primary customers? Who’s paying you and for what?
Tom Turner: Majority of our customers are in the Fortune 10,000. 20% of the Fortune 500 use BitSight in their third-party risk and >>>
Sramana Mitra: What are you measuring?
Tom Turner: The measurements that we look at fall into four buckets, if you think about it in a somewhat non-technical way. The important thing is these are all outcomes. These are things that are happening; not things that might happen. We collect all of this information globally. The first bucket to think about that’s important for measuring cyber security performance and therefore associated risk is the volume, variety, and frequency of a company’s machine in its environment that has been compromised.
There’s a powerful relationship between the frequency and the duration that an organization might have compromised assets and likelihood of that >>>
Cyber security risk is growing exponentially. How do you measure and benchmark such risk?
Sramana Mitra: Let’s start by having your introduce yourself as well as BitSight to our audience.
Tom Turner: I’m the CEO of BitSight Technologies. BitSight is a cyber security ratings company. We take a big data analytics approach to measuring the outcomes that have happened to hundreds of thousands of companies around the world so we can understand their security and risk performance.
Our customers use that information to understand third parties that are important to their business. These are vendors and their supply chain. >>>
Jeff Swearingen: From an entrepreneur’s perspective, there’s always opportunity. The technology market is so saturated with companies and yet the market is moving so quickly. A young and agile company with some domain expertise can spot an opportunity and a gap in the market. That’s what SecureLink did. We found a gap in the market. We were ahead of it. We filled it, and we own it. Nobody does third-party remote access better than SecureLink.
If anyone is looking for an opportunity, you should have some domain expertise. My co-founder and I came from a technology and software background. We knew the people, problems, and the processes. One of the things I mentioned to entrepreneurs is to stay in your gold mine. If you know something about life insurance and if you understand that industry, that is gold. The closer you stick to >>>