BitSight Technologies: The Standard in Security Ratings
The success of an entrepreneur is oftentimes driven by their ability to see the future and build a product for a market that doesn’t exist yet. If their prediction is correct, the company will have a significant lead in the market—and a competitive advantage.
BitSight Technologies is a textbook example of two founders who had a vision for the future and built a successful company around it. When the Cambridge-based company was founded in 2011 by Nagarjuna Venna and Stephen Boyer, data breaches weren’t making headline news like they do today.
Yet the duo had an idea: to create a cybersecurity rating product that would rate companies on their security practices the same way that consumers are rated by their credit score, or how bonds are rated by Moody’s.
“It was a market that didn’t exist,” said Tom Turner, BitSight Technologies’ President and CEO. “The founders did a great job of establishing this market, which turned into a massive opportunity.”
BitSight’s enterprise SaaS offering, the BitSight Security Ratings Platform, generates daily security ratings on a company’s security performance ranging from 250 to 900 (the higher, the better). The company says that these ratings are both objective and quantitative, produced using continuous analytics and proprietary algorithms.
This technology allows its customers to not only self-evaluate their security performance, but also help them better understand their third-party partners. Turner points out that security performance can have a significant effect on a business transaction, or entire business relationships. Look no further than last February, when Verizon dropped the acquisition price of Yahoo by $350M.
The platform operates by analyzing large amounts of an organization’s data, including user activities, vulnerabilities, and whether a company has any compromised assets. And because the technology works from the outside-in, BitSight doesn’t require participation from a company in order to form a security rating.
“The information we collect doesn’t necessarily mean that a vulnerability will be exploited. What we’re measuring is the presence of that vulnerability, and what it says about the culture of security in that company,” Turner said.
Turner originally joined the company in 2014, when the previous CEO, Turner’s longtime colleague Shaun McConnon, asked him to join. Turner and McConnon have a 17 year history of building companies together, which has resulted in two successful exits: OKENA was acquired by Cisco in 2003 and Q1 Labs was acquired by IBM in 2011.
“I tried to take a year off,” Turner said, “but Shaun was very persuasive. So five months into my hiatus, I came here to run sales and marketing.” Turner was appointed CEO this past July, while McConnon is now Executive Chairman of the Board.
The CEO is looking to build a pillar tech company in the Boston tech scene, aiming to make the BitSight team over 400 strong by the end of this year. They’re currently at nearly 300, spread across Cambridge (the company’s headquarters), North Carolina, and Portugal.
In Cambridge specifically, the company has increased its employee base by 70 percent over the past two years and just this past week the company completed a headquarters expansion to accommodate continued growth. The team continues to actively recruit top talent for all functional areas including sales, customer success, engineering and marketing.
All of this growth is in response to Turner’s statement that the market for this kind of solution is only going to get larger. “Gartner came out with a piece of research that said by 2022, cybersecurity ratings will be as common in business-to-business relationships as a credit score. That’s what we are doing here at BitSight—and we have much to do still.”
Images provided by BitSight.