“As a Navy intel officer, I focused on information warfare — before the days of CYBERCOM. I left the Navy in 2001 and worked for Cisco, building their early supply chain risk management program as project manager. From there, I worked as the CISO for Northrop Grumman’s $7 billion electronics business, followed by Carnegie Mellon, and then the GS15 in charge of the defense outreach program at the DoD (U.S. Department of Defense) Cyber Crime Center.
“After leaving the government in 2012, I produced high fidelity cyber intelligence, including profiles of bad guys. My team is made of large enterprise people with similar backgrounds, catering to those who could never do this on their own: SMBs (small and medium-sized businesses). We have clients from one person to 7,500 employees, and they benefit from a very senior team.”
Best Moves of 2022
The purchase of Stellar Cyber and bringing the server internal to our Trusted Internet’s Iron Mountain environment was a game changer. As Stutzman explained: “No longer limited by Fortinet and their walled garden, we can now open the sales aperture to include just about any device that can be ingested into Stellar. And where Stellar doesn’t ingest, we can write parsers.”
“We figured out that if we attend conferences targeting the same kinds of clients that we target, we’ll get sales. We’re doing primarily NIST 800-171 work, but I’m an MSSP/XDR user now. The world is my new oyster!”
“I overpaid for labor in 2021, correcting that in 2022. As a bootstrapper, there’s a constant need for balance and cash flow management. Although I watch it carefully, there’s always going to be one of those times when you take a risk. I did, and it didn’t work out. We corrected it in 2022. Now, after four years of constant reinvestment, our backend is now built for scale. This is the year of normalization and managing to the margins.”
Owning “Virtual CISO”
Stutzman notes that his team is comprised of 26 experienced people: “We have no new grads, but we do have a U.S. Department of Labor-registered apprenticeship program for honorably discharged vets. It’s good for us and it’s good for them. We get OJT SOC analysts and they get trained. As for the rest of my team, about 80% of my SOC staff have master’s degrees and 10 years of experience.
“And our Virtual CISO™ team — yes, I own the trademark for ‘Virtual CISO’ — are all seniors who’ve been medium to large enterprise CISOs, and now help small companies. Every company in our portfolio gets a named Virtual CISO.”