50 Best Companies to Watch 2022
Business leaders can no longer solely rely on out-of-the-box cybersecurity solutions like antivirus software and firewalls, cybercriminals are getting more thoughtful, and their tactics are becoming more resilient to conventional cyber defenses. It’s essential to cover all the fields of cybersecurity to stay well-protected.
One of the best companies providing exceptional cybersecurity services is OccamSec. Its clients rely on the company to provide information security services that exceed current industry standards. The company provides accurate, actionable information to reduce risk and enable better-informed decisions. OccamSec’s unique end-to-end solutions detect, identify, respond, and protect to maximize your security program’s effectiveness.
The following excerpts are from a conversation with Mark Stamford, Founder, and CEO of OccamSec
Q. How do you successfully provide innovative solutions for customers and clients?
“Innovative” in cybersecurity means something that solves a problem without breaking the bank. That’s our focus for every project. When it comes to fixing issues, clients want to know how to maximize what they’ve already invested in. Clients want answers.
OccamSec operates an intelligence team that continuously collects data to analyze and identify possible threats to clients. We do penetration testing and red teaming to determine how an attack could happen. Depending upon the client’s needs, these are one-offs or conducted continuously using Incenter, our recently launched proprietary product. Finally, if a client fears they have been breached or wants to ensure that an organization they’re working with has not been compromised, we conduct threat hunting to look for attackers who may be hiding in networks.
Q. Talk about your solutions that help companies evade cyber security risks.
We listen to clients about their issues and what’s important to them and decide: a) if we can help and b) how we can help. Our intelligence team finds the threats facing clients. Besides collection via automated tools, the team also conducts manual collection procedures. This information feeds into our other services and is directly used by some clients.
To identify exposures that could lead to business disruptions, financial loss, or other significant issues, OccamSec provides penetration testing and red teaming services. Many clients need something beyond a point-in-time assessment. For that, the Incenter platform offers a comprehensive solution dealing with attack surface management, vulnerability management, and intelligence data. Described as a “game changer” by one client, the platform provides context information, enabling clients to focus only on the issues which matter most—and keeping their customers safe.
Incenter’s comprehensive approach to vulnerability identification, with intelligence and organizational context, ensures that the attack surface is identified, complex issues are identified, and action is taken before problems can be exploited. All of this happens on an ongoing basis; cases are reported as they are discovered around the clock.
Q. How efficient is your organization from an operational standpoint?
Our team is talented; they are smart, and they collaborate. Historically, cyber security professionals can be secretive in their work and not share knowledge very well. We have scrapped that concept, and everyone works together throughout the organization. The result has a team that challenges and encourages one another. They are as good as it gets.
The company has grown from a one-person operation that grew independently for 11 years—this required maximum efficiency across all areas of operations. We work hard to hire the right people, prioritize ensuring that they enjoy their work, provide support, and continue to pursue our objectives and those of our clients. We’re not the biggest security company, so we must always be good. Flashy marketing and expensive lawyers won’t save us if we screw up. And because cyber security is constantly in flux, it’s critical to keep on top of the latest developments. No one person can do that, so our team working collectively is vital.
Q. What is the primary reason most companies haven’t fixed their vulnerabilities?
There are various reasons, but I think the main one is that there’s a never-ending stream of new vulnerabilities that overload security teams.
Context across cyber security is the critical element that’s missing. What works for a large bank will not work for a small online business. Frameworks that seem helpful in one sector are useless in another. Most vulnerability scans and pen tests do not consider the environment, so the onus is on the end user to figure it out.
Q. How efficient is your security expertise, and how do you keep your service standards up and running?
Our team has found things the bigger guys could not. Adding more color, everyone is top-notch in all roles, from project managers, developers, and business development, to vulnerability researchers, intelligence professionals, and security consultants.
We are also lucky enough to have an excellent team of advisors.
Using a Delta force method, our hiring process is thorough and thoughtful. The process is rigorous, and we believe it finds the best people. We don’t focus on certificates or where someone has worked—instead, can they effectively do the job and are they a “good fit.” For the team to maintain our standards, everyone must work together seamlessly.
Our company has been accredited by CREST for penetration testing, which I think speaks to the expertise of our team.
Q. Do you have any expansion plans?
Yes! We recently accepted our first-ever external investment, helping us accelerate Incenter’s development and bolster our service offerings. While we’ve avoided playing the classic security game (overhype a product, have an excellent conference booth, and then blame clients when things don’t work out), we realized we could no longer rely on word of mouth and client references to growing. We’ve begun to focus on expanding awareness of our brand while staying true to our roots.
We work globally, so our expansion efforts will continue to focus on finding good people. We’re also working on some partnering agreements which will enable us to serve even more organizations.
Leading OccamSec’s sustainable growth and industry domination
Mark Stamford is the Founder and CEO of OccamSec. Mark started security at age 11, eventually turning it into a career where he has over 20 years of professional experience in cybersecurity, operations, control assessment, and related fields.