Sullivan Alexander is a Contributor on the Price of Business on Business Talk 1110 AM KTEK (on Bloomberg’s home in Houston) whom you can learn more about at www.contureadvisors.com.
Sullivan recently interviewed Mark Chapman, President & CEO of PhishLine.
About the interviewee:
Mark Chapman – CFE, CISSP, CISM, CRISC is the President & CEO of PhishLine. Mark has spent the majority of his 20+ year career leading talented teams in the development of cutting-edge solutions in the areas of risk management, information security, and social engineering.
Describe the business model including (products or services offered, number of employees, location, type of customers you work with, etc.).
PhishLine was launched in 2011 to help Information Security Professionals meet and overcome the increasing challenges associated with social engineering and phishing. PhishLine is based in the Midwest, headquartered in Milwaukee, Wisconsin. The company has rapidly grown to over a dozen full & part-time employees. Enterprise level customers within the Fortune 100 and the Dow Jones Industrial index have selected PhishLine as their Social Engineering Management Platform of choice. PhishLine is a Software-as-a-Service application that is also provided as a Managed Service to companies ranging in size from several hundred employees to multi-national companies with tens of thousands of employees globally.
Tell us about one of the innovative solutions or services your company designed for a customer.
PhishLine has developed a renowned Managed Service offering that provides enterprise security teams with risk-based planning, customer specific content, and deep analytics guided by a team of security experts. This methodology has allowed large enterprise customers to save hours of time learning software and focus their efforts on taking action and implementing security controls based on their findings.
What challenges did you face and how did you overcome the challenges?
Social engineering is a complex area of information security and requires more than software alone to achieve results that make a difference. It was a challenge to take the infinite amount of variables that security teams face and develop a model and solution that was scalable and personal enough to emulate what enterprise customer’s face in real world attack scenarios. The challenge was met by leveraging our roots in developing risk-based security solutions and connecting that to the experience, feedback, and insights of our customers. Our customers have helped guide everything from prioritizing our software enhancements to the personal approach we take in reporting and interpreting results.
What do you see as “hot button” issues in your industry, and what are the implications?
There is often a lack of meaningful metrics established to guide and direct the actions of information security teams. Without this objectivity, too much attention and time gets spent on generic awareness efforts; this traditional approach ultimately places organizations at greater risk because they are not evolving; meanwhile the threats and attacks are rapidly advancing. Reducing risk and strengthening security is not an exercise in repetition.
What makes your business different from the competition?
By taking a holistic, risk-based approach and applying it social engineering and phishing threats; we have been able to help enterprise security teams reduce risk and counter social engineering threats by assumptions with facts and discoveries. PhishLine provides information security professionals with a level of security intelligence and visibility that was previously only available to those looking to do harm. By sharing the attacker perspective, enterprise security teams are able to reduce risk and take immediate actions to strengthen security.