Recalling his rise through the cybersecurity ranks in his time with the U.S. Navy and into the private sector, Stutzman, the company's chief executive officer, said:
“As a Navy intel officer, I focused on information warfare — before the days of CYBERCOM. I left the Navy in 2001 and worked for Cisco, building their early supply chain risk management program as project manager. From there, I worked as the CISO for Northrop Grumman’s $7 billion electronics business, followed by Carnegie Mellon, and then the GS15 in charge of the defense outreach program at the DoD (U.S. Department of Defense) Cyber Crime Center.
“After leaving the government in 2012, I produced high fidelity cyber intelligence, including profiles of bad guys. My team is made of large enterprise people with similar backgrounds, catering to those who could never do this on their own: SMBs (small and medium-sized businesses). We have clients from one person to 7,500 employees, and they benefit from a very senior team.”
As for recent business moves, Trusted Internet purchased a Stellar Cyber server in 2022, which it hosts internally. “I don’t trust XDR clouds,” Stutzman says candidly. The company also hosts the Veriato Cerebral insider threat server for those U.S. defense companies.
“And we’ve started deploying mobile device management for all of those who call and tell us their iPhones have been hacked,” Stutzman says.
Best Moves of 2022
The purchase of Stellar Cyber and bringing the server internal to Trusted Internet’s Iron Mountain environment was a game changer. As Stutzman explained:
“No longer limited by Fortinet and their walled garden, we can now open the sales aperture to include just about any device that can be ingested into Stellar. And where Stellar doesn’t ingest, we can write parsers.”
He noted the launch of a new sales and marketing program:
“We figured out that if we attend conferences targeting the same kinds of clients that we target, we’ll get sales. We’re doing primarily NIST 800-171 work, but I’m an MSSP/XDR user now. The world is my new oyster!”
Have there been any business missteps? Stutzman admits to one:
“I overpaid for labor in 2021, correcting that in 2022. As a bootstrapper, there’s a constant need for balance and cash flow management. Although I watch it carefully, there’s always going to be one of those times when you take a risk. I did, and it didn’t work out. We corrected it in 2022. Now, after four years of constant reinvestment, our backend is now built for scale. This is the year of normalization and managing to the margins.”
Owning “Virtual CISO”
Stutzman notes that his team is comprised of 26 experienced people:
“We have no new grads, but we do have a U.S. Department of Labor-registered apprenticeship program for honorably discharged vets. It’s good for us and it’s good for them. We get OJT SOC analysts and they get trained. As for the rest of my team, about 80% of my SOC staff have master’s degrees and 10 years of experience.
“And our Virtual CISO™ team — yes, I own the trademark for ‘Virtual CISO’ — are all seniors who’ve been medium to large enterprise CISOs, and now help small companies. Every company in our portfolio gets a named Virtual CISO.”
Recently, Trusted Internet has begun running baseline National Institute of Standards and Technology (NIST) 800-171, ISO 27001 or SOC 2 assessments on its commercial clients.
“It’s good to see the risk and workplan memorialized on paper,” Stutzman said. “It makes it easier for the client to digest.”