For this Company Spotlight, we interviewed SecurityGate Co-Founder and CEO, Ted Gutierrez, about how they are helping companies in critical industry sectors that must maintain compliance standards and improve risk management practices to get ahead of issues that may threaten operations and team safety. SecurityGate is a Houston-based software company that provides an integrated risk management platform designed specifically for operational technology (OT) and industrial control systems (ICS) cybersecurity. For more information on SecurityGate, please visit www.securitygate.io.

Background: In 2017, Ted Gutierrez and Cherise Esparza co-founded SecurityGate after spending most of their careers in internal risk management roles within large critical infrastructure companies employing industrial control systems (ICS), such as Shell, Enbridge, and Noble. The catalyst for the founding of SecurityGate was the increased focus and scrutiny placed on cybersecurity assessments following the hacking of the 2016 U.S. presidential election. Ted and Cherise knew there would be a huge opportunity due to their first-hand knowledge of the inefficient, manual, and largely unscalable processes utilized to identify cybersecurity risks associated with critical infrastructure within large corporations.

Value Proposition: Currently, teams managing critical infrastructure assess cybersecurity risks largely by working through numerous compliance checklists, which are typically completed via email threads and tracked in spreadsheets. If there are cybersecurity risk factors that are identified and need to be remediated, there are typically no standardized processes to determine which remediations to prioritize, especially when working with limited budgets. This often leads to reduced value of the assessment program when too many personnel are trying to manage the remediation program.

SecurityGate optimizes the assessment and remediation processes by offering a SaaS platform that seamlessly distributes and collects assessment questions and responses, which then immediately computes a risk score utilizing its proprietary algorithm and generates a prioritized list of remediation recommendations that can be easily assigned to different users. SecurityGate’s customers benefit from this comprehensive, streamlined approach in the following ways:

1. Purpose-Built for Critical Infrastructure Companies: Rather than going through numerous compliance handbooks and checklists that ask the same questions in different ways, SecurityGate distills those documents down to a standardized series of questions that can also be customized to each client’s unique operational factors. Utilizing the decades of experience working with ICS cybersecurity, these questions are then automatically mapped to the relevant control systems, which makes it easier to identify exactly where potential points of failure exist.

2. Holistic Approach Encompasses Entire Organization: SecurityGate is not a compliance management tool but rather a tool to help guide business process decisions. By having executive management, operations, and IT all looking at the same “single pane of glass”, which summarizes the operational technology (OT) cybersecurity risk across the entire asset ecosystem, they can work through the recommended remediation steps together rather than continuing to operate in silos.

3. Allocates Time and Budget Toward Fixing vs. Searching: It only takes 2-3 hours to setup and implement SecurityGate in an organization versus the 2-3 weeks it would take for a consultant or internal risk management team to do the same assessment manually. Instead of going through spreadsheets of assessment responses and searching for problem areas, the risk management team can now focus on remediating the risks that SecurityGate automatically identifies and prioritizes on a continuous basis.
   

Closing Thoughts: With the goal of being the de facto cybersecurity assessment and remediation solution for critical infrastructure companies, SecurityGate continues to add features, such as API integrations to improve their scoring algorithm, that make it easier to implement into organizations of all different sizes and cybersecurity maturity/knowledge levels. We look forward to following their growth, and maybe one day we will see the SecurityGate name be synonymous with the assessment/remediation process in the industries it serves.