Cybersecurity for Smaller Companies with Rob Simopoulos from Defendify

DISCLAIMER: Below is an AI generated transcript. There could be a few typos but it should be at least 90% accurate. Watch video or listen to the podcast for the full experience!

Rob Simopoulos 0:00
So we see on a daily basis, small and midsize companies all of a sudden their top customer, their security team sends them a questionnaire and says, Do you have these 75 or 85 things in place to protect the data that we’re providing to you. And if you don’t, we’re going to do business with someone else. We might select a different vendor, you know, we might force you to put those things in place.

Alexander Ferguson 0:24
Welcome to UpTech Report. This is our applied tech series UpTech Report is sponsored by TeraLeap. Learn how to leverage the power of video at teraleap.io. Today, I’m joined by my guest, Rob Simopoulos, who’s based in Portland, Maine. He’s the co founder at Defendify. Welcome, Rob. Good to have you on. Alexander, thanks for having me. Appreciate it. Now, the Defendify as I pulled from your website is an all in one cybersecurity SAS platform that’s designed specifically for those organizations companies out there that don’t have a security team, which a lot of small businesses, they go to like, what should I be protecting my business? What are you talking about? So our conversation is around cybersecurity. Let me understand, though, like, Rob, what, what do you see is the main concern or issue, or rather, the concern that maybe small business should have small midsize businesses? What What, what is that?

Rob Simopoulos 1:13
I think that, you know, if you go and look back, traditionally, let’s go way back to like 1950. And think about, like, what security was all about? Nobody was really talking deeply, especially in small and mid sized companies about cybersecurity. You know, they were talking about maybe physical type of intrusions. And at that point time, people started installing alarm systems and, you know, protecting their physical assets, whether that’s in a building or in a retail store, wherever that might be. But today, it’s a different world. We’re living in a digital world and cyber attackers have found ways to cause digital crimes. And that’s really what cybersecurity is all about, you know, putting protection in place to protect against a cyber criminals methodology.

Alexander Ferguson 1:50
I feel like a lot when it comes to small business, small, mid sized business, they think, well, they will get me I’m not big enough why they wouldn’t care about me. Have you seen that?

Rob Simopoulos 2:00
Yeah, you know, there’s a massive shift that’s occurring. And I think that what we the way we need to think about is that small and midsize businesses are realizing now are hopefully starting to take get more awareness that they need to have cybersecurity because cyber attackers are realizing that these smaller businesses are easy opportunities for them to cause their crimes. And the one thing we see happening over and over again, quite often is small businesses being you know, impacted by thing like ransomware. Now, where their their data is being held hostage for them to pay a ransom or something along those lines. That’s not only happening at the enterprise level that you keep hearing about in the news and reading about every single day, especially lately, but it’s happening at small and midsize businesses every day as well.

Alexander Ferguson 2:41
This this concept of well, I could be hacked isn’t like, isn’t my firewall enough? Like it isn’t what I already have enough I have the antivirus is that’s not the case, though, is it?

Rob Simopoulos 2:53
Now it’s not enough anymore. You know, today, there’s so many different ways that cyber criminals cause their crimes. And just having you know, a piece of antivirus software on your computer, and a firewall which is the you know, the the box that sits between your internet connection, your network is nowhere near enough. There’s lots of different ways that can accomplish those. So, you know, a real simple way could be just simply, you know, credential compromised. So where a cyber criminal has obtained your password in some way, shape, or form. And with that password has like been able to get into your email system or, you know, some online program that you utilize, that’s not going to be detected by traditional antivirus and firewalls.

Alexander Ferguson 3:30
What really what can be happening is just take a second about like, if you’re a small business, what should they be paying attention to? What data should they be concerned about that could get hacked?

Rob Simopoulos 3:39
That’s a great question. So you know, cybersecurity professionals will go through a process of what we call data classification. And I think that there’s a really easy way to look at it. So if you think about the data that you store on your computers and servers, wherever you know, online, wherever you’re storing that data, think a little bit about the confidentiality and how you need to protect that. So if we just talked about, for instance, your sales documents, the brochures that your salespeople use every day, do you need to protect that, you know, with heavy security? No, not really, that’s public stuff, you put it on your website, you email it to people, you’re not so worried about it. The question you can post yourself is asking yourself the question when you look at the data and say, am I willing to put this information publicly on a public facing website? And if your answer is no, I don’t want to do that, then that’s probably data you want to have protected that you don’t want other people have access to. That’s a really simple way of doing it. And there’s different levels of confidentiality and protection want to put in place but if you wanted a simple way of looking at it, that’s one way to approach it. I like that the

Alexander Ferguson 4:37
simplicity Are you okay, if this was on your website that everyone see? If not, then yeah, you probably want to protect and protect it. Now. Let’s take a second I want to hear a bit more about your journey. And like the origins of defend defy, how did you did you just wake up one day and say, small businesses, they need cybersecurity support. Let’s do that.

Rob Simopoulos 4:56
Right now. You know, so I’ve been in security my Whole Life in one shape or form. You know, back when I was 18 years old, I started in the physical security space, you know, as a technician installing cameras and access control and had my own business doing those types of things as well. My business partner Andrew and I got together and we saw an opportunity to help small and midsize businesses with cybersecurity. And really the real catalyst was cybersecurity is complicated for most of these organizations, you know, if you if you’re not in the security field, and deep into that, you’re probably wondering every day about what really is cybersecurity, and what do I need to do. And we saw that as a big problem, we started our company as cybersecurity consultants. So our teams would go in and do testing assessments, we would train people build policies and plans and recommend technology and so on. We did that for quite a while we had some great success, Alexander, and then we saw an opportunity to build a platform to deliver those services, you know, under a single all in one cybersecurity solution. And that’s what we took the next step with. So we raised some grant money and investor capital built a great team started building the product, and we rebranded our company to defend a phi, which today is an all in one cybersecurity platform.

Alexander Ferguson 6:05
So starting as consultants first and then you realize, wait, we can actually scale but more if we turn this into more of a sass platform, that first portion, it sounds like you, you basically bootstrapped it, you built it yourself. But then when you made that transition, that’s when you sought some funding.

Rob Simopoulos 6:22
Well, we did that. So when we started building the platform, we initially sought some funding and self funded ourselves. Where we are based head office in Maine, there’s some amazing programs here where you can receive grant capital and development loans for startups to begin their technology journey. So we took advantage of some of those along with some, you know, some of our own capital, along with some private investors helping us too. So that’s how we got started. And you know, when we, when we decided to build the platform, it wasn’t necessarily just about scaling, we really wanted to find a cost effective way to bring cybersecurity to small and midsize businesses because consulting can be an extremely expensive practice, you know, it’s an individualistic, go there and go through a whole journey. We want it to be able to scale quickly as you described, but also to be able to bring it in a cost effective manner.

Alexander Ferguson 7:06
I’m always fascinated with the journey itself of building and building business, every business leader loves to hear the story, turning something into from service into SAS. I mean, was it simple? Was it easy? No, it’s still not easy. It’s,

Rob Simopoulos 7:21
it’s definitely difficult. You know, from the technical perspective, we’ve got some amazing team members here who have put this together and continue to innovate and build some new things for our customers every single day. I think the other challenge that we had is that, you know, our concept around it is that, you know, there’s a lot of cybersecurity products in the market that are like single point solutions, where you buy one thing that does one thing. And, you know, it’s solving one small issue on the cybersecurity side. And our plan. And our vision was, let’s not just have one, let’s like build a all in one cybersecurity platform. So that made it even more difficult in the sense that we had to, you know, have, you know, 1213 different modules in one place, and innovate on on every single one of those. But we’re there and we’re continuing continuing to innovate. And we’ve got some great new ideas, and we’re pulling it all together, but easy, no, not easy, for sure.

Alexander Ferguson 8:13
Not easy for you, what would you say is, maybe the biggest lesson learned of this helped you grow. And maybe it’s a tactic or an element that as a as the business leader, that you found work? Well.

Rob Simopoulos 8:28
I think that the key to every business is the amazing team members that you put in place, you know, you can’t do that on your own. And you need to surround yourself with people who have skill sets outside of your own, who have the passion and so on. So, for us, that’s really the key to success on the on the team side. The other part of it is, you know, listening to the customer every day. You know, as an example, when we first launched our platform, I remember going out and we were going to launch the platform, this is the idea of going out and talking to our customers and saying to them, hey, we have this idea. What do you think, and getting their feedback? Yeah, that sounds pretty interesting. We’d be interested in that, building the platform and bringing it to them and then getting that feedback once it was in place. We call them actually our test pilots at that point in time, they will you try this out and give us our feedback. You know, that’s another really key thing I think that I think is really important is that test pilot process where you can use customers to you know, try your stuff out, give you feedback, bounce ideas before you get way too large. You know, I think that’s another thing to think about as you continue to innovate and build a business for the team.

Alexander Ferguson 9:32
side, what was like the crucial hire for you and it first couple crucial hires when you switch to the SAS model, that that you would say, that’s what helped you grow?

Rob Simopoulos 9:44
Yeah, I think definitely. The key part is, you know, the development team. You know, if you’re going to build a SaaS platform and innovate and build great technology, the engineering side of your business needs to be extremely strong, especially on the cybersecurity front. And you know, because we everything we do here at defensive We try to take a security first mindset. So like in code and development and everything that we do through sales, marketing the whole bit. So you know, getting the right team members who have that sort of mindset and understanding that we’ve got to build it in that way, shape or fashion, you know, that was essential as well. But I have to say that engineering has been a key part in getting the platform to market.

Alexander Ferguson 10:20
How big is the team today?

Rob Simopoulos 10:22
So we’re in total, we’re just over 20 people in total here.

Alexander Ferguson 10:25
Now, for you that kind of the platform itself of how it works, it’s not getting too much the technical details, because not everyone cares, too, as much. But some people do, like, what can you describe of how the technology works?

Rob Simopoulos 10:39
Yeah, so fundamentally, what defendant fi does for you is it allows you to build a cybersecurity program inside of your business that involves assessments and testing, training and policies, and then detection and response. And one of the challenges in the industry is that if you’re a small IT team, and you don’t have security professionals on staff, you know, how do you go about and deploy a whole bunch of different solutions in order to accomplish the goal of holistic cybersecurity, it’s very challenging, like a small business or medium sized business with 234 it people, they’re very busy, and they’re busy on Help Desk, and a whole bunch of projects and other things as well. And now, if you ask them to build 12, you know, take 12 different technology tools, put them in one place, and manage all of them independently and get those running, you’re going to crush that group, it’s not going to be possible. So our whole philosophy around it is what if we were able to accomplish that in one spot, and then but also try to automate as much of those things as we can. So as an example, you know, with our vulnerability scanner, which is a tool that scans your networks and at your networks to look for vulnerabilities of devices and software, you know, you can basically put in your information. So the IP addresses, you want to scan, hit activate, and the scanner runs and functions, and it produces your report automatically at the cadence that you’re looking for, and brings you back the details that you want. You don’t have to go in there and manage and control and click all these different things. So we’ve really, the automation side of the business has really been a game changer.

Alexander Ferguson 12:06
Do that, who would be the person that would still need to then manage it and review the responses or reports that come out of that?

Rob Simopoulos 12:14
Yeah, so fundamentally, if they don’t have security professionals on the team, so let’s say there’s a group of three it people, it’s some administrators on the IT side, we do also see, you know, they may be the CEO or the CEO, also going in and looking at some reports. There are also it providers who are partners who take the benefit of market as well. So that’s a consideration to what those teams do is they’ll actually, you know, they’re trying to provide more cybersecurity, to their customers today. So a lot of times our customers might just have antivirus and firewalls, but they know now that they have to provide a lot more cybersecurity. So they’re taking defender five providing that to their customer. And we see those it providers doing it in two ways. One is where they manage the whole thing themselves. So they turn on all the tools, they run these these systems, manage it on behalf of the customers, but some of them will be a hybrid setup, where they’ll allow the customer to also go into the platform, and review the reports and see how everything is going and so forth.

Alexander Ferguson 13:10
Gotcha. Gotcha. Now, this this whole concept, again, coming back to solving the issue of vulnerability, removing the vulnerability, is it possible to like just be completely protected and have to worry then is it? Is it possible to get to that point?

Rob Simopoulos 13:24
I don’t believe so. I think that you’re constantly, no cyber criminals are constantly going to be causing their crimes with new methodologies and different ways of doing it. You know, I’m trying to keep it as simple as I can. And I know we’re talking about cybersecurity, let’s go back to the physical security, you know, side of things, you’re trying to protect a building, you know, back in the day, you know, my early days, my early career, you know, we saw people getting on top of golf stores and cutting small holes and using fishing rods to pull, you know, pull out, you know, pull a golf clubs at a golf stores, you know, because they knew the motion detectors were around the perimeter. So they were always getting more creative. The cybersecurity attacks are exactly the same way. And you know, cyber criminals are, you know, testing their malware and their attack methods against, you know, known antivirus products, they’re, they’re trying to convince your employees to click on links and files that they sent to them via phishing emails, you know, their, their trading and selling passwords in the dark web. There, there’s a variety of different approaches that are there. And, you know, it’s a constant like offensive defensive thing that’s going on. So you know, perfect security, I think, you know, there’s no such thing because there’s always going to be ways that people will figure out but I think that the another part of cybersecure that’s really important is being prepared. So you know, having an incident response plan, understanding that if things specific things happen, what you’re going to do to get yourself back up and running and get yourself back up and running quickly. You know, the same way that if you you know, your car broke down, you’ve got a plan in place and you know, what you’re going to do in order to get yourself back in right you got AAA or whatever it might be to, to help you out right.

Alexander Ferguson 14:56
What’s the future then for you guys? Like what Knowing that cybersecurity never never stops, you’re always innovating always where what can you share of where you guys are headed?

Rob Simopoulos 15:06
Yeah, so we’re continuing to grow dramatically, we’ve got some great innovation and ideas, we’re continuing to build great product and new solutions. We just released our breach detection and response module and defended by recently. So that was really exciting. The team is, you know, going to market and continuing to grow rapidly. So our marketing team is, you know, holding lots of educational content and bringing that to market to try to educate people who maybe don’t have expertise in cybersecurity, to understand what really what cybersecurity is, and to to help them understand how they can deploy a program and get things running. So yeah, and all those friends were moving really quickly,

Alexander Ferguson 15:44
you see, still a kind of a gap between like the knowledge and understanding of what is cybersecurity and the need for it?

Rob Simopoulos 15:52
Yeah, I think that there’s no doubt that to a lot of individuals, cybersecurity, is complicated, you know, so when they look at it, they don’t necessarily understand really what cybersecurity is. And so there is definitely a challenge on the awareness front. I think one of the areas that’s really interesting to look at is at the business leadership side, that is not it. So the non it business leader, so maybe the CEO, the CEO, you know, they’re sitting back and they’re going to their people or their IT provider and saying, you know, we have good cybersecurity, right, I just I just heard about an incident that occurred, I just read it in the news. We have good cyber script, and you know, that that person might respond back like, No, I think we should have a little bit more Well, what do you mean, we don’t have enough cybersecurity in place. But when they hear about, you know, from them, that they need budget, they need to start implementing these things, and it starts becoming an expense center. You know, a lot of these non it business leaders might say, like, okay, hang on, we’re gonna spend the money in a different place. The one thing I can say for sure, right at this point in time is that I really feel that every business today should really holistically be looking at their cybersecurity, and having that conversation with their IT provider, their IT person, and really starting to understand that this is something that you’re going to have to invest some budget into, to prepare you for the future. It’s not anything you can ignore. And and there’s another reason why as well as that there is a big thing called third party, third party vendor assessments that is occurring at rapid rates. So I’ll give you an example of what this is. an enterprise organization today has security teams and the whole bit, they realize that the people they do business with the vendors that provide them the services, small businesses, mid businesses, midsize businesses are, you know, a risk or a threat to them in the sense that they might be storing sensitive data of them, they might actually be sending people into touch their system, set up systems, and so on. And so they’re starting to realize that and what they’re doing now is they’re providing cybersecurity assessments and questionnaires to their vendors, and then determining whether they’re going to do business with them or not. So we see on a daily basis, small and mid sized companies, all of a sudden, their top customer, their security team sends them a questionnaire and says, Do you have these 75 or 85 things in place to protect the data that we’re providing to you. And if you don’t, we’re gonna do business with someone else, we might select a different vendor, you know, we might force you to put those things in place. You don’t want to be as a smaller midsize company caught in that spot where your top customers asking you about cybersecurity, and you don’t have the answers in place, I’d highly recommend getting ahead of it. conducting an assessment on your own company to see where you stand where you need to make improvements so that you can have that, you know, open conversation with your customer about Yes, we have cybersecurity in place, we’ve take those steps, we take it seriously. So yeah, there’s definitely an awareness challenge. But I think things are improving. And we can think, unfortunately, the news and everybody talking about what’s what’s going on in the world. But these are real life things that are happening and impacting small to mid sized businesses.

Alexander Ferguson 18:48
If you could make a tech prediction of the future, what we could see when it comes to technology in the cybersecurity space, what would you say?

Rob Simopoulos 18:58
I think that the technology continues to get easier to use, it has to, you know, with the you know, they continue to talk about like a shortage of cybersecurity professionals. And that can be debated in one way or another shape or form. But the fact is, if you need to implement cybersecurity technology, you know, we’ve got to make it easier for people to utilize. And that’s obviously one of our missions here, right. But every technology that you use today, some software application, it’s getting easier and easier. The you know, the UI UX and the way you interact with it and integrations and so on. I think on the cybersecurity front, that same thing has to happen. We’ve got to find easier ways so that you know more people can utilize the tools and technology and help protect their businesses

Alexander Ferguson 19:38
today. I love it. Well, thank you so much for giving us kind of the history of both where it was where you guys have come from and headed and also the future of, of where cybersecurity is I feel like your your point of like, we all need it. We just need to realize that we have to put budget towards it. That may still be I don’t know a barrier.

Rob Simopoulos 20:00
Right, it’s definitely a barrier. But at some point, it’s going to be on everyone’s, you know, income statement somewhere that, you know, cybersecurity is an expense.

Alexander Ferguson 20:07
Just Just as like you need to, is a good analogy connect back to physical security. You mean you lock your doors and make sure you have that, but why would you not in the in the cyber world, and it’s only getting crease in there,

Rob Simopoulos 20:17
it’s exact same way. You know, back in the day, it was just an alarm system. But now people putting alarms and cameras and access control where the same boat, it can’t just be antivirus and a firewall, you got to put more layers of protection in place because the threats are changing.

Alexander Ferguson 20:32
Well, if you’re a small business out there, feel free to go check out Defendify.io and you’ll be able to explore and get a demo looks like of their product and to learn a bit more. Thank you so much for sharing your insights and spending time with us. Thanks for having me, Alexander. Take care. We’ll see you all on the next episode of UpTech Report. Have you seen a company using AI machine learning or other technology to transform the way we live, work and do business? Go to UpTech report.com and let us know