digital transformation Tag

Yeah!
digital transformation Keynote Speakers

Dave Knox sat down to talk about the rise of cybersecurity and why today – particularly in our new work from home environment – it is becoming a topic of board room discussion. In 2002, Scott Price was 26 years old when his employer, Arthur Andersen, went out of business following Enron. With his focus on auditing security around technology controls, Scott started his first company, growing it to $11 million in revenue seven years later. Sensing a broader opportunity, Scott left to start A-LIGN in 2009. As CEO and Founder of A-LIGN, they help companies comply with different regulatory and information security standards globally.

Dave Knox: When you started your career, audits and compliance were mostly financial. Early in your career, you saw that a change was coming and that need would broaden. How has cybersecurity changed compliance over the last decade?

Scott Price:  I think compliance really allows businesses to trust each other. I talk about the fact of what we do allows businesses to trust and respect each other. They want to be able to trust businesses back and forth of sharing data and us as consumers, we want to make sure our companies respect the data that we give to them. A-LIGN’s focus on having a very broad framework of how we attack those from a security controls perspective, I think really adds value to our clients because they see the fact that they can either raise funds, do business with a new company, move upstream or really just improve their business because of that trust. Having great cybersecurity controls in place is going to mitigate risk and make your company more successful.

Knox: Is the conversation around cybersecurity changing at the executive level?

Price: I think people are starting to talk about it moving from behind the scenes to the board room and I really do believe it’s become a board room discussion. But security is still not the place where we say okay, if we have a dollar to spend on sales and marketing or we have a dollar to spend on security, we’re going to choose security. Companies are going to consistently choose growth metrics and growth dollars over the fact that these are things that could happen. Let’s face it, with cybersecurity we know it’s going to happen, it’s not the if but the when it will happen. You do see it continuously getting more exposure at the board level though. And the focus will continue to increase as greater fines are incurred, companies lose major customers, and relationships are strained when you’ve influenced their cybersecurity environment.

We’re clearly biased as a company that helps organizations of all sizes reduce cybersecurity risks, but we feel that the ability to spend dollars to demonstrate compliance with cybersecurity regulations really will allow sales and marketing to drive further. We found that 66% of our client base takes on Series A funding or greater within 160 days of hiring us. We’ve seen the fact that they will get the funding and then want to move up market, so they’ll need to build these security controls in place. Or they’ll be looking for the funding and they’ll want to make sure that they have the best security controls as they go through due diligence. Investors and Strategic Buyers are starting to look at the compliance framework during the diligence process so it’s becoming a bigger, bigger issue.

Knox: Is there a way to measure an ROI when you think about security?

Price: I think the ROI is more if you don’t do something. You have to do it. People continuously underestimate the risk of bad things happening. I go back to the movie the Big Short. They found great investments because people don’t think that bad things are going to happen. They always undervalue it. I think it’s hard to put a dollar exactly on what the ROI is. I think it’s more along the lines of how it drives the sales and marketing aspect which you can put a dollar on that. It’s easier to measure the growth than to measure the penalty.

Knox: We mostly think of compliance and security as an IT responsibility but what you’re saying is it’s moving closer to being something the entire c-suite needs to care about. How do you think about that role of cybersecurity becoming more horizontal?

Price: There’s an often used phrase that they say cybersecurity is a team sport. It really is. We see the fact that sales and marketing are looking at their competition and seeing the types of certifications and assessments that those competitors can promote. They realize they need the same thing to be able to compete in the marketplace. We see it more and more driven by sales and marketing and then it becomes a responsibility of implementation by IT or operations. That in itself allows compliance and cybersecurity to have more visibility and not just sit in the back closet.

Knox: As a founder yourself, how do you coach and think about entrepreneurs engaging with security early on and planning ahead versus reacting?

Price: When you’re in a startup mode you don’t have time to go back and redo code, redo processes and procedures. You want to build those controls that are required for these cybersecurity regulations into the code, into your processes because you’re moving so fast. We really get excited when a CEO calls us of a startup and he or she is engaged with us before they’ve even been asked for the audit or the assessment, before they’ve even building their application and they just have this idea. That’s where we can have the most impact because it’s not going back and retooling a process. That allows us to understand what works for you at this stage and you can grow into that process. For us, the value that we get derived of interacting with what we call “Startup Steve” and that buyer persona is really fascinating for us.

What we find is that this founder is typically someone that came from a large company and they had first hand experience of going through that process, retooling things, and seeing their teams bogged down. They recall that pain and don’t want to have it happen with their startup. They want to align their strategy and their compliance objectives. We love to partner with them early on and be able to not have to experience that pain.

Not some people haven’t had to experience that pain before. For them, the biggest thing is to try to relate to them of where their objectives are and how we can fit into that and get them there sooner. They want to be able to get to market and they want to be able to acquire new customers. We tell them that if we partner now, we’ll be able to do that with you in a much easier format, take you to market quicker and be able to achieve whatever they want to do faster. We are able to talk about our experience with 2,400 clients, many of which we started working with when they were in the startup and small business phase. We can make those connections and help them understand why it’s so important to do this work at the startup phase rather than building processes and having to retreat later on.

Knox: In your own journey as an entrepreneur and as you have worked with over 2,400 companies, what lessons do you wish you had when you were starting that first company at 26 years old?

Price: I think the biggest thing that I’ve learned is I wish I would have focused more on how to be a good leader and CEO and to invest in our people early on. I constantly hear “you’ve built this great company in A-LIGN” but the thing is, we don’t sell a widget, we don’t sell a car. We sell our people being experts in their industry and being able to go out and interact with our clients. As we received our investment from FTV Capital, we’ve invested tremendously in our people with training and also in our technology. Those are the things that I wish I had done earlier and raised capital in order to be able to do that because we’ve seen the dividends of that pay off. If we had done that work in 2014, we might be 10 times where we’re at now.

We have four values and one of our four values is innovate constantly. We firmly believe that our clients want us to innovate and be on top of what we’re doing because they’ve chosen us as their trusted provider to be able to do just that. For someone that wants to grow and be pushed to the limit, this is the best feeling. This is what I love to do because we are constantly learning about new attack techniques that hackers are trying to do. The great thing is the hackers get worse every day and we have to get better to be able to support our clients. Standards change every day because cybersecurity threats change every day. This is one of the most interesting industries that allows us to have these constant changes, to keep it interesting. The standard is constantly evolving. Our client’s risk is constantly evolving. The technology behind what they’re doing is evolving. This makes this very interesting. We don’t sell black and white TV’s at A-LIGN. We’re in cybersecurity and it’s constantly evolving.

Knox: COVID-19 has created a new cybersecurity threat landscape for C-suite executives – especially CEOs, CIOs and CISOs. What kind of threats are organizations facing and what should you consider when choosing a compliance partner?

Price: The new threat landscape created by COVID-19 is our new reality – and even the most prepared business continuity plans likely did not plan for a worldwide pandemic that would disrupt business and IT operations. Organizations are facing new risks regarding a remote workforce and compliance initiatives as cyber criminals attempt to exploit the fear of the unknown. Continuing to maintain compliance, even during uncertain times, remains vital – and finding an experienced partner you trust that has the right people, process and platform will transform any security and compliance experience.

Dave Knox is a leading consultant, speaker, and coach in the areas of innovation, marketing, and digital transformation. Invite him to keynote your virtual or LIVE meeting/event.

(This article first appeared in Forbes on April 20, 2020)

 

*For a complete list of speakers on this topic "contact us”.