The last two years I’ve been intently focused launching FortMesa to solve what I think is a civilization-level risk: Cyber Security.
I’ve got plenty of product messaging out there, but some people have asked me to talk more specifically about the mission.
Here’s a repost from a document I’ve circulated.
Please do check out what we’re doing if you’d like to know more.
What is [information] security?
Information security is knowing the basic building blocks of our economy and civilization are available when we need them, that they function in the fashion expected of them, and assurance private information stays that way.
The basic elements of our world including financial systems, trade, healthcare, human safety and even democracy depend on these elements working in concert.
Currently we are experiencing an explosion of “priced in” effects due to cyber losses. Current estimates put impacts on GDP at whole percentage points. Unchecked, we may soon cross a precipice where our growth dependent economy reverses course.
As we have gained the economic benefits of a global digital economy it is important we shore up defenses of our collective information infrastructure.
This is what we’re here to do.
Unraveling the FortMesa Catalyst
In the fall of 2012, based on customer need, I transitioned my technology consulting practice into one focused on security.
It was clear to me at that time that the cloud was materializing as the foundation our information economy would depend on. My work with customers had also made it clear that current policies and tools for securing systems were not suitable to withstand threats of this new platform.
I experimented with automating threat intelligence and policy enforcement, though my work with customers suggested that while there was still work to do in creating cloud friendly tools there was a greater need.
Organizations were on the whole ill equipped to manage cyber risk due to the lack of available security labor. What started as a boon to my consulting practice evolved into inspiration for a new product.
What’s wrong with the security industry?
Most organizations suffer from the same cybersecurity risks, and while experts exist to manage these risks they are difficult to find and come only at high cost. Even the security industry seems unaware that they can not grow high quality talent fast enough (feeling only the increasing ease with which they can acquire business).
While attention in some academic corners does highlight this growing labor gap the majority of those voices insist the solution to this is increased education and career development resources directed to create the workforce necessary to tackle this market failure.
This despite two glaring facts; the educational pipelines are not filling fast enough (young people are not on average attracted to the career), and using existing methods, tools, and millions of more workers will cost trillions annually (thus simply transforming losses into expenses).
Where do we go from here?
One bright spot in all of this is The Center for Internet Security. This independent nonprofit body was formed to tackle ineffective federal cybersecurity. Now, as a cybersecurity thought leader, they have developed a set of guidelines that prioritize security actions in order to increase the efficiency of security resource distribution. Although security researchers cheer the effort, most companies, even those with mature cybersecurity footprints still use antiquated risk frameworks.
Concepts introduced by CIS and the Zero Trust efforts contributed by Google are showing progress, but more is needed to take these academic efforts and transform an industry.
The FortMesa Story
In early 2017, I shut down my consulting practice, and along with US$300K of my own money began the journey to combine this insight, along with recent advances in behavioral economics to create a product that instead of siloing cyber workers or relying strictly on technicians puts business leaders, managers, and technologists together in the driver’s seat of organizational cybersecurity.
This product requires no additional cybersecurity labor to manage risk and reduce loss. Also, it supports existing cybersecurity engineers, magnify their efforts by teaming with staff outside their organizational silo.
FortMesa has already secured a strong core team, and we’re currently focused on building value for customers; we think we’re close to a viable product.
Right now we’re accelerating development of technical underpinnings and moving beyond early adopters toward general commercial availability.
We have more details to share, and would love to tell you about it. Join us while we endeavor to capture a piece of what we believe is an enormous market opportunity.
Matthew Fisch, CISSP
Founder & CEO