Smart Security for Better Business
We deliver end-to-end security programs and are a trusted partner to businesses and public organizations. We strive to be the best security services firm in the market today. We offer a complete portfolio of security services and best of breed security technologies to our clients. Today, we maintain a portfolio of over 200 clients ranging from small businesses and institutions to Fortune 100 companies.
How we’re different…
We’re not the security VAR (value added reseller) offering 400 security products. If you’re looking for a company with the most security products available for sale, regardless of what the security product does, then that’s not us.
We’re not an accounting firm doing an occasional security assessment. You’d never hire a security professional to do your taxes, so why are you hiring an accounting firm to do your security?
We’re not a provider of single security services. There are some great niche security services firms out there. They may perform one or two services well but will not be able to offer a comprehensive portfolio of solutions to make them your long-term security partner.
We are your security partner and can deliver your security program. Our clients are our partners. No matter what your security services needs are, we can help.
Our story starts in 2009. At this time, I was the Chief Information Security Officer (CISO) for a company in Vermont and was aspiring to be a respected company executive. I’ve always been enamored with information security. I worked diligently to establish my place in the profession. I worked to get into the field, established certifications, and did everything to establish credibility. I wanted to prove I was worthy of this opportunity in the information security field. I believed a security leadership role in a growing company would be the pinnacle of my career, and I had arrived.
As a new CISO, I quickly learned the job is not all about security. There were a lot of politics. People stepped on others to advance their career, and budget dollars were scarce. I quickly learned my new job was to be the political face for the security team and to evangelize the need for security to internal business units.
In 2013, I had a small budget that was Opex (operational expenditure), not Capex (capital expenditure). I could hire consultants (Opex), but could not arm them with security tools (Capex). So essentially, I had a bunch of farmers with pitchforks fighting an army with automated cybersecurity weapons. To make matters worse, I couldn’t find a single security company or partner to help me deliver my security program. I could find security partners to do security testing, but they could not do any security engineering. I could find companies to help me implement Splunk, but really they weren’t that good at Splunk and didn’t know anything about security. I could find Incident Responders, but they couldn’t do anything else security-related. I quickly realized that the security industry was, and still is, a very fragmented market full of niche vendors. The sum of these vendors didn’t equal a full security program.
It was about 2013 when I had enough. I was disgruntled. After all the years of evangelizing for budget and receiving half-solutions from a fragmented security vendor market, I was now at a point where I was bad-mouthing an industry that I grew up loving. My watershed event came that same year when my management made me hire a company in the Big 4 to do an ISO27001 Security Assessment. That Big 4 company charged me a lot for the assessment, but from the company management standpoint it was the “safe bet” because no one can refute what the Big 4 suggests. My question to management was: “Why are we having an accounting firm assess our security? You would never have an information security professional suggest an appropriate chart of accounts or do someone’s taxes!”
The short story of the assessment was that it was a disaster. That Big 4 company sent me staff members just out of college. Their lead assessor had never done an ISO27001 assessment. Having been an auditor in the past, I understood the auditee has an obligation to feed the auditor information to arrive at mutually beneficial recommendations–so I helped with the audit as it was an opportunity to push the security agenda and get the issues I needed fixed highlighted to the management team. For the big price tag, I expected the auditors would be practiced in the standard. I was, again, disappointed. I helped teach ISO27001 to their organization. After helping my Big 4 partner write the report and do the board presentation, I had transitioned to completely cynical.
Late 2013, I took two weeks off to reset on my career. I traveled to Australia with my wife who was speaking at a conference. With the time zone change and alone-time, I reflected with uninterrupted thoughts on the last few years. Completely cynical and hating security, I realized I had two options–I could complain and let the issue persist or I could take action. I chose action, and NuHarbor Security was born. When I returned from Australia, I quit my job as CISO and began NuHarbor Security’s mission.
Today NuHarbor means a New Understanding of the Harbor, and Harbor is a synonym for someplace safe. We do security differently–the right way, and the way it should be done. We come from a place of having walked a mile in your shoes, we’ve sat on your side of the table, we understand the challenges, we understand the frustrations. There’s a better way to do security. Today our mission is to be the absolute best information security service firm in the security services industry. We provide end-to-end security services, and we are continually evaluating our portfolio to deliver relevant security services. We have developed a best of breed philosophy around security technology and have developed deep industry expertise around those technologies. For many of our clients, our approach to security, our comprehensive offerings, and our client-first perspective make us a long-term security partner.
CEO & Founder