Comcast Ventures Invests in Security Rating Platform BitSight
1. What's the problem you were trying to solve for with founding BitSight?
Information asymmetry is a real challenge for organizations today. We share more and more data, but have very limited visibility into the security practices and performance of the external networks our data sits in; this limits our ability to manage cyber risk in third party networks. Furthermore, boards and executives are being asked to demonstrate greater oversight of their own security posture, but the lack of benchmarking capabilities has made it nearly impossible to answer important questions regarding security performance over time. To truly identify, quantify and mitigate security risk, organizations need a solution that is continuous, automated and provides objective, evidence-based measures of security performance. That is where BitSight comes in.
2. What's a real-world example of how BitSight works?
One of the most common examples of BitSight "in the real world" is how our customers use ratings to address third party risk. Most companies are performing, at best, annual assessments on their vendors, and find our ratings an effective way to monitor security risks on a continuous basis between these check points. Our typical customer will have a portfolio of companies that they monitor based on the levels of risk they present to the organization. When they see a rating decline significantly, or have another cause for concern (such as susceptibility to a newly discovered vulnerability like Heartbleed or Poodle), our customers deliver a BitSight report to the affected third party. In turn, BitSight grants platform access to that third party and provides detailed analytics and forensics that allow them to identify and repair the issues that are causing concern. This has the result of not only improving the security performance of the affected vendor, but in the long run, mitigating the security risks faced by our customers.
3. What’s item one on your agenda right now?
We have a variety of sales, marketing and technology initiatives underway that ultimately lead to BitSight becoming an industry standard. With the resources inherent in this new partnership, my No. 1 agenda item is extending those initiatives to new geographical markets.
4. What advice would you give to fellow startups/entrepreneurs?
BitSight is my fourth startup in this industry, and while there are a number of things I could say about running a successful venture, the number one piece of advice that I would give anyone is ‘surround yourself with the best people you can hire’. When it comes down to it, these are the people you are choosing to surround yourself with and to make important decisions that will steer the course your business takes. Every executive role in the company must be supported by a strong ‘bench’ so you can trust these people and believe that they are bringing the right things to the table. Building your team goes beyond just looking for people who have the right experience and capabilities; you need to consider how they are going to fit with the rest of your team and how, as a whole, you are all going to grow and develop the company together.
My second piece of advice to fellow entrepreneurs is ‘always raise money when you don’t need it’. That way you have the ability to react appropriately to market changes and to out maneuver any potential competitors.
5. What do you do when you’re not at your day job?
There are a number of projects that keep me busy outside of work, but the one closest to my heart involves a charity that I founded with my wife in 2012 called Home Away Boston. I founded this organization to provide services to the families of critically ill children who are in Boston (sometimes far from home) to seek treatment at our world-class medical facilities. We provide free housing close to the hospitals and a number of other support services to help caretakers focus on improving the wellbeing of their family members, and hopefully reduce some of the stresses that they are facing during this difficult time.
Recently, I also published my first novel (available as an ebook here), with 100% of the proceeds benefitting Home Away Boston. The story centers on the discoveries of an archaeologist, Aden Neumann, which lead him on adventures across four continents with the goal of uncovering the mysteries of mankind's origins, and possibly a new species of man greater than homo sapien.
6. What differentiates BitSight from the competition?
There are a number of factors that set us apart from our competition. First of all, we have the best team in the business. It is a combination of seasoned professionals who have achieved great business success in many of my last four companies, as well as many brilliant minds for whom this is our first campaign together.
Second, we were the first to market with this innovative solution and as such, we have deeper market penetration as evidenced by our more than 150 customers across all industries. We serve organizations both large and small, including more than 25 organizations in the Fortune 500. Validation from our customers and leading analyst firms like Gartner has helped to make BitSight a rapidly emerging standard in the security ratings industry. In fact, in the 2015 Gartner Cool Vendor Report for Vendor Management analyst Gayla Sullivan said, "The company is well on its way to being as widely recognized as a Moody’s or S&P ratings for the information security space."
Another thing that sets us apart from our competitors is high quality of our data and IP Maps for organizations. We’ve been told by many of our customers how impressed they are with our accuracy and quality, especially when compared with other organizations providing similar services. This has lead to a deep sense of confidence, empowering organizations to make risk based decisions using our data, like which vendors to hire or what cyber insurance policies to underwrite. The effect of this is that our customers end up being more secure, and so do their vendors, insureds and other third parties in their ecosystem who benefit from our ratings.
7. What has surprised you the most about this space?
The number of ways that our customers tell us they are using BitSight Security Ratings has really been remarkable. When we first launched this product, Vendor Risk Management was our primary focus. But since then, we’ve heard dozens of applications in which people are using our ratings. Listening to this feedback has allowed us to tailor our platform to provide solutions for cyber insurance underwriting and premium negotiation, board reporting and performance benchmarking, mergers and acquisitions cyber due diligence, investment portfolio management, and many more possible use cases. It’s been quite exciting to see this market take shape and hear the innovative ideas that people are bringing forth as we mature.