You Can’t Go It Alone – Relationships Drive Cybersecurity

Twenty years… feeling a little nostalgic. If you’ve been following along as I catalog the journey and our lessons learned, thank you, more to come. (If not, check out the several previous posts). There are themes, and this week, I’m remembering (and enshrining) many of the on-going relationships we’ve built along the way.

Seeing so many names sprinkled again and again across our timeline brought something profound into focus: our rich relationships have played as big a role in our success as we have.

We don’t bring that up to brag about the people we work with (not much at least). And it’s not meant to be a business lesson either. No, the vital role that partnering with people have played throughout Security Innovation’s history reveals something fundamental about cybersecurity: it’s never a solo endeavor. You only make things harder when you go it alone, yet you gain great strength from forging the right partnerships.

We would not have made it to this milestone alone. We would not have had the same impact on software security, either. In this post, we want to highlight several standout relationships that got us to where we are today.

Customers, Standards Committees, & Alliances

  • Microsoft – Microsoft was our first corporate partner and remains a client to this day. Landing the world’s biggest software company was a big boost to our early confidence, and that partnership has proved to be formative again and again. When Microsoft hired us to build courses on Microsoft SDL for software engineers, it catapulted us into the online training business. History with Microsoft led to us being founding members of the Microsoft Pro Partner Network, from which we’ve made diverse customers whose perspectives and pain points helped us develop our CMD+CTRL Base Camp product. It’s from these partnerships that we learned what practical, real-world software security solutions look like, and in the process solve some of the biggest software security challenges.
  • PCI Security Standards Council – From 2010-2016, we built, hosted, maintained, and updated 100% of all the online training for this influential standards body. That helped us become experts in PCI and parlay that expertise into partnerships with other key clients. Our partnership with PCI was as much a learning experience as a service contract. We gained as much as we gave.
  • Cyversity – Security Innovation was deeply involved with diversity and inclusion (D&I) before we got involved with Cyversity, a non-profit dedicated to help improve the lives of under-represented minorities in cybersecurity. This relationship is only beginning. We’ve already seen amazing results in conjunction with Google, Intuit, TikTok and more.  

Shout-Outs to Some Movers and Shakers

  • Mark Merkow, CISSP, CISM, CSSLP – Our experience working with Mark at Charles Schwab and other companies led directly to relationships with PayPal and augmented our involvement with NTRU crypto initiatives. Our partnership with Mark has pushed us to cultivate valuable expertise in fintech, and he even worked directly with us on our now-sunsetted TeamMentor product – this ‘partnership’ had as big an impact on Security Innovation as anyone.
  • Sandra (Sandy) Dunn – Sandy Dunn first took one of our courses when she was an employee at HP, then called us repeatedly over the next 19 years as she ascended the ranks. Sandy is another partner who trusted us to adapt to different projects and industries – her last tenure was at BlueCross BlueShield. These projects alone helped us upgrade our skills and evolve our thinking as much as any work we’ve done the last 2 decades.
  • Mark Nesline – A partner for 18 of our 20 years, Mark brought our team into all five of his employers, giving us invaluable experience serving companies of different sizes, styles, and strategies. Customers like Mark helped us see software security in new, on-the-ground ways to keep our thinking fresh and current.
  • John Ciesla – For 10+ years, John Ciesla called on us to tackle some of the most ambitious projects in our history. He helped us land a major deal at Sony provided we could translate 40+ of our courses into Japanese. And he called us into companies like Mutual of America where software security has high stakes. This relationship always pushed us to be better.

Cultivating  Community

The idea that people and relationships drive cybersecurity, enriching it through communication, collaboration, and community, was not exactly a recent revelation for us. That idea was on our minds when we started the Ed TALKS shows in early 2020. Each episode brings together thought leaders to discuss hot-button issues in depth. For the cybersecurity inclined, it makes for great listening – but information and entertainment aren’t our only objectives.

From the show we’ve been able to connect with and in some cases partner with dozens of cybersecurity leaders, each of which brings something unique and valuable to the table. The Ed TALKS audience has also been a valuable source of practitioner perspectives. They bring so many interesting, unexpected, and new connections into our orbit. As we’ve consistently learned over 2 decades, these relationships are priceless.

With rich relationships, cybersecurity gets better for everyone. That’s how we go from baby steps to revolutionary leaps – by creating a sum that’s greater than the parts.

From employees (new and old), customers, partners, my treasured ecosystem and network, thanks for the memories and here’s to making more!