Aviva Zacks of Safety Detectives had the opportunity to sit down with Justin Beals, CEO and Co-Founder of Strike Graph. She asked him how his company’s solution helps its customers efficiently achieve SOC 2, ISO 27001, HIPAA, and GDPR compliance.
Safety Detectives: Tell me how you got started in the cybersecurity industry and what you love about it.
Justin Beals: Very early on in my career, I had a cybersecurity position at British Telecom where I worked as a security associate. In that position, my responsibility was to secure and maintain a secondary network system for the global points of presence that British Telecom had started installing across the world for frame relay network systems.
I didn’t stay in security specifically as an industry that long ago. I moved on to become a software developer and an entrepreneur, and that’s probably more relevant to the story of how Strike Graph was created.
I have worked at a lot of venture capital-backed startups lately. My role is typically chief technology officer. Recently, I worked at a startup in the Seattle, Washington area called Koru, and our product suggested the likelihood that an applicant for a position would be a high performer. To build our AI model, we required the acquisition of a lot of employee data to build highly accurate models for the predictions. Because we were asking to share this data, our customers started asking questions about how we treated the data and wanted to get to a place of trust with Koru before they would adopt the product.
I found a massive problem in our revenue and customer acquisition because it could typically take us 18 months to a year to get through a security review where a customer would be ready to share the data with us. I got interested in how to help build this trust with our customers and sharing data. After we sold Koru, I began working on the problem of how to make cybersecurity certifications easy to accomplish and effective to implement for every other technology company that’s sharing data with their customers.
SD: Tell me about the flagship solution that your company offers.
JB: Our company offers a solution to help our customers achieve SOC 2, ISO 27001, HIPAA, and GDPR compliance efficiently and effectively. One of the critical ways Strike Graph is unique is that it is designed to help a customer scope the right cybersecurity practice for their particular business. We like to say that compliance is not the same checklist for every company. But what’s important is to design the checklist that’s right for your company.
SD: How does your company stay ahead in a world filled with cybersecurity companies?
JB: A lot of companies sell their solutions on compliance because it’s a revenue gatekeeper, and they recognize it. For example, you might buy a powerful antivirus solution that is used as a part of your compliance activities. In other words, it’s a portion of your ISO 27001 certification. Strike Graph, though, encompasses all the activities that might be utilized to achieve that certification. One thing we say about Strike Graph is we don’t necessarily secure your existing systems. What we do is collect evidence that you’re doing the appropriate security work and help maintain that evidence and effective practices so that you can very efficiently maintain compliance, get through your audits cleanly, and create trust with your customers.
SD: What do you think is the worst cyberthreat today?
JB: The worst cyberthreats today are both the phishing issues that come through email for access and DevOps as a pipeline of code that’s been released to production. We’ve seen massive hacks that go on for a long time, giving unfettered access to data and information, not only the data of the company that was hacked but that of all their downstream customers. For example, some of the hacks that really scare me are where code was injected into the development operations pipeline. It got released to production and pushed to a number of customer systems, and then those customer systems were compromised.
SD: How do you see cybersecurity developing now that we’re living through the COVID-19 pandemic?
JB: I think there’s going to be a lot more emphasis on what we like to call “collecting the receipts.” We’re all working in remote locations and there’s the opportunity for access in even more distributed systems than we’ve seen in the past, so it is critical to make sure that enforcement around antivirus, antimalware installations, and firewalls is consistently checked and maintained.
Of course, that’s of interest to Strike Graph because our platform automates the collection of much of that evidence of effective practices, so, as we’re automating the collection, we can ensure that companies and individuals are maintaining those effective practices.