First of all, how are you and your family doing in these COVID-19 times?
Jake Kouns: We’re doing well. It’s been a difficult time for many around the world, but we’ve been relatively lucky. I have my family around me, and we’re all healthy and staying safe.
Tell us about you, your career, how you founded Risk Based Security.
Jake Kouns: When we founded Risk Based Security in 2011, we did so with the mission of providing organizations the best security intelligence available so that they could truly understand and make the appropriate risk decisions. Quite simply, better data means better risk decisions. Being in the information security industry for most of my life, I saw that pretty much every security vendor, especially in the vulnerability management space, was (and still is) basing their products on freely provided data from the U.S. government. In addition, no one was tracking how data breaches are occurring to help determine what controls should be implemented in order to avoid them in the future, whether to their own organization or their vendors. The lack of high-quality data ultimately causes significant risk management problems for organizations because of what they are missing.
We saw the opportunity to provide a solution to a serious problem that wasn’t being addressed. We started out as a data intelligence feed, serving clients who were willing to try a new approach to managing vulnerabilities and a better understanding of vendor risk, including the cyber insurance industry. Along the way, we have recruited well-known leaders in the security industry to help realize our mission.
These days, we’re a global leader in vulnerability and data breach intelligence, including vendor risk ratings, serving clients around the world in nearly every industry. Our product, Cyber Risk Analytics, contains vendor security ratings on organizations and data breach intelligence, while VulnDB is the largest collection of software and hardware vulnerabilities available. Through our platforms, we equip our clients with the most comprehensive and detailed vulnerability and threat intelligence available on the market. Our products enable organizations to make risk-based, data-driven security decisions in a timely manner to effectively prioritize and manage risk mitigation.
How does Risk Based Security innovate?
Jake Kouns: The intelligence we provide is powerful. We gather data from thousands of sources and are constantly adding to our growing database of vulnerabilities and data breaches. If it’s out there, we want you to be able to find it in our products. We explore the who, what, why, when, where, and how; anything we can find that adds vital details to help organizations make those better risk decisions. We give our clients all the intelligence they need for the vendors and products they care about and then give them the tools to prioritize the issues they need to fix.
Even though our intelligence has always been the best on the market, we are always looking to find more data sources and turn it into additional insight to assist our clients in risk-based decision-making.
We also know that our clients need to be able to operationalize our intelligence to more effectively secure their businesses. We push the envelope by making our data actionable, and to that end, we’ve also developed an expansive suite of integrations and connectors to ensure they can get the best security intelligence in their existing products and workflow, as well as enhancing our own platforms.
How the coronavirus pandemic affects your business, and how are you coping?
Jake Kouns: We’ve made it a priority to do everything we can to ensure we keep our employees safe and have been fortunate that our teams are able to easily work remotely. In fact, for many years, Risk Based Security did not have a physical office location, and everyone worked remotely, which made the transition for us seamless. Thanks to careful planning, we’ve actually been able to grow and hire during the pandemic as we expand our capabilities and products. There’s no doubt that many of our clients have been affected by the impact both to their sector and the economy as a whole, so we’re doing what we can to support them and help manage their risk.
With the current pandemic, even more, businesses are being forced to conduct business online, making security a more critical need. In the first half of 2020, our research shows that the number of records exposed from data breaches was more than four times higher than any previously reported six month time period. The work required for organizations to be secure isn’t getting easier, and the costs and complexity of managing security research in-house continue to increase. We’ve aggregated more than 11,000 vulnerabilities so far this year, which means our clients spend less time researching vulnerabilities and more time managing them.
Did you have to make difficult choices, and what are the lessons learned?
Jake Kouns: When faced with the seriousness of this pandemic, we decided to close our headquarters in Richmond, VA. It hurt, and we miss seeing each other face-to-face, but it was the right thing to do for our people and the community’s safety. We’re a strong, committed team, so we’ve been able to continue to provide the same level of service that our clients enjoy and expect from us.
But as we’ve worked from home, we’ve noticed the strains this new normal has put on our employee’s families. Many of us have children who are starting the school year virtually, and we’ve seen first hand that it’s a challenge to make the proper accommodations. It’s also important to secure their learning devices. It’s not what we do, day to day, but we wanted to help our community, so we’ve been working to help school administrators, parents, and childcare providers understand the possible dangers and give them the information they need to help protect the privacy and data of the children in their care. We’ve been in touch with a number of school districts across the U.S. to help them take the proper steps.
We’re beginning to reopen now, but we’re taking our time to do it properly. That means taking steps to maintain social distancing, wearing masks, frequent sanitization in the office, limiting visitors and listening to our people’s needs.
How do you deal with stress and anxiety, how do you project yourself and Risk Based Security in the future?
Jake Kouns: I can tell you that the workload hasn’t decreased for my team and myself personally. With security being so in demand, we seem to be working harder than ever. While we are extremely fortunate to be in an industry that has not been as impacted as others, it has definitely been a challenging year on a number of fronts.
We have tried to really focus on our key priorities and ensure that we are working on the most important projects that matter. We have found that when our teams and company are able to see progress and get things completed, it just feels great. We joke from time to time about making sure that we are “professional checkbox checkers,” It is important that we provide results for our clients but even more important for our employees as they get to feel that great pride of accomplishment.
Professionally, at Risk Based Security, we try to ensure there is a work-life balance, but we definitely throw ourselves into doing what we do best: serving our clients, providing them with the intelligence they need to effectively manage their risk, and make sure they have one less thing to worry about.
Who are your competitors? And how do you plan to stay in the game?
Jake Kouns: The security industry is highly competitive, and there are many vendors out there, each bringing something to the table. In fact, there are new entrants to the security industry seemingly weekly as the need to secure organizations and protect their data is increasing at a rapid pace.
What makes us stand out is that our intelligence and data are the most comprehensive and detailed on the market by far. Security management tools are a dime a dozen out there, but they are only as good as the data that powers them. The data we collect and the intelligence we provide is powerful, and our products help our clients evolve beyond just vulnerability scanning and checkbox vendor assessments. We’re helping organizations see which of their assets are vulnerable, where they should prioritize their efforts, and which vendors cause the most security concerns. It is amazing how proper intelligence can help an organization focus its resources and reduce their costs.
It really all comes down to our data, so we are doing everything we can to make sure that organizations in every industry can operationalize it in the tools that they currently use. To that end, we differentiate ourselves by providing our clients with not just a web-based portal and an API but also integrations for most leading ticketing and asset systems and workflows.
When it comes to data and our products, we are always pushing ourselves forward. As we continue to provide vulnerability metadata and metrics to our clients, we are also looking to find ways to further revolutionize how organizations secure their assets. Keep an eye out for some exciting news in the future.
Your final thoughts?
Jake Kouns: As we all know, this year has been one of the most challenging that companies and particularly start-ups have ever faced. While many founders and leaders had their business plans in place, they need to be open-minded about how to pivot if necessary. When budgets are tightening for companies, spending on new products can be reduced. Founders should focus on explaining the value of their product and how it brings efficiencies and, most importantly, how it reduces their expenditures.