Amid the bustle of the holidays, a slew of PTO, and year-end finance wrap-ups, this time of year is also an important time for any small business to acknowledge and give thanks for all that has transpired in the last 365 days. This year was a big one for ScaleSec, as we made strides in our competencies, cemented our place in the market, and established growth within our team. We are eager to enter this new decade with a pocket full of wins for our consultancy and the opportunity to build a more secure future for our clients.
Achievement Unlocked: Another Cloud Security Competency Realized
Demonstrating our dedication to providing AWS cloud security engineering and compliance expertise, in August ScaleSec achieved the Amazon Partner Network (APN) Security Competency in the “Governance, Risk, and Compliance” consulting category. We are proud to be one of only ten companies to hold that designation in combination with the APN Advanced Tier, which was earned earlier in the year.
“It was a great accomplishment that took the whole ScaleSec team to pull together. It’s impossible to overstate the importance of security and compliance for businesses in the cloud, and the competency program shows AWS is as invested in security as we are,” said CTO Aaron Wilson. “The opportunity to broaden our reach and help customers automate security is very satisfying.”
Multi-Cloud Platform Capable or Cloud-Bidextrous?
Yes We Are
ScaleSec also worked side-by-side with our brethren at Google Cloud for half our engagements in 2019. As a 2018 Launch Partner for the GCP Security Competency, we worked with 16 GCP customers, both directly and via our relationship with Google Professional Services, to enhance and augment DevSecOps for teams using Google Cloud.
Many have come to be repeat customers, like Mednition, a machine learning and clinical natural language processing solution that trusted our team to help secure their platform. We loved helping anyone wanting to up their security game, from enterprises with household names, to start-up IoT platforms like Leverege (read that case study here).
Attracting Superdeep Security Talent Spurs Steady Growth
ScaleSec began 2019 with just a few consultants, and we’re happy to close out the year with a team of fourteen full-time employees. Our Director of Business Operations Allie DiPietro shares her perspective on how the ride went over the past year.
“ScaleSec underwent exponential growth in 2019; we started the year with a small group of consultants, and are closing it out with more than triple that! We’re still recruiting and hiring like crazy, too, so it really shows how much the brand has expanded,” Allie said. “Add to it that we get most of our customer base through word-of-mouth and referral, and it demonstrates how our work truly speaks for itself. It has been a really fast and wild ride, so I can’t wait to see what happens in 2020.”
Creating a Place Where Cloud Security Folks Thrive
Our efforts to recruit additional consultants will continue into 2020 as will our commitment to encouraging and providing the space for individual professional improvement. We facilitate this with a billable 32-hour work week, leaving each employee 8 hours per week to study, blog, learn new tools, and prepare for certification exams.
Motivated by ScaleSec’s approach to increase pay for each relevant cloud certification achieved, in 2019 our employees passed many industry and platform-specific certifications, including Certified Information Systems Security Professional (CISSP), Certified Information Privacy Professional/U.S. Credential (CIPP/US), AWS Certified Security - Specialty, GCP Professional Cloud Architect, and GCP Professional Cloud Security Engineer, to name a few.
Downtime Is As Important as Uptime
Writing deep technical articles for our blog has become a favorite use of those non-client billable hours each week, affectionately known as “20% time”. When asked about his favorite part of working for ScaleSec in 2019, Senior Consultant Scott McDonald said he was pleased that his article about using Pacu, the open source AWS exploitation framework from our friends at Rhino Security Labs, was so well received.
“Publishing my Medium article on Pacu was pretty cool. It had a relatively high clap count for our blog and was a lot of fun to test out, work with and write up.” Scott’s Pacu article can be found in our archive here.
Senior Consultant Eric Evans published A Comparison of Secrets Managers for Amazon Web Services (AWS) in October. This whitepaper examined the features, security, and costs of popular options such as AWS Secrets Manager, AWS Systems Manager Parameter Store, and HashiCorp Vault, and also received much attention from teams seeking such guidance. Eric was pleased to see his work come to fruition.
“It was supposed to be a very brief comparison for an engagement I was working on, however the subject was so interesting I couldn’t help but flesh it out even more. There’s not many better feelings than seeing high quality content come to fruition from collaborating with such a talented team. I’m looking forward to producing more high quality content in the future.”
A Remote-Friendly, WFH Company–Unless We Are At Conferences
We balance our work-from-home lifestyle and enhance team cohesion by attending conferences. ScaleSec team members were out and about at conferences and meetups throughout 2019. Even as a small consultancy, we were represented at Google NEXT in San Francisco, AWS re:Inforce in Boston, GCP Partner Summit in New York City, AWS re:Invent in Las Vegas, as well as at many local cloud and DevOps focused meetups. As part of our benefits package, all team members can choose one cloud security conference each year, all expenses paid. We further encourage folks to speak at conferences, and, if chosen, those trips are fully covered as well.
“One of the best parts of 2019 was when ScaleSec sent me to Boston for the inaugural AWS re:Inforce conference,” said Consultant Jason Dyke. “The conference was a great learning and networking opportunity for myself and the company because it was geared specifically to the AWS security industry. This experience was a first for me and really showed that ScaleSec trusts and invests in its employees to better themselves.”
Leadership will continue to offer this program in 2020. Nine consultants chose to attend Google NEXT coming up in April, and getting together in person is a big draw. Principal Consultant Chris Leibl names attending conferences as his favorite part of 2019, saying, “Attending conferences is a great way to see everyone in the same place a few times a year and get to meet new and old customers.”
A Year Borne of Gratitude
From very humble beginnings in 2015, ScaleSec looks forward to continuing to meet client demand by hiring talent that brings deep cloud security engineering, architecture and coding expertise, as well as solid empathy for those who must secure the infrastructure and applications of their companies every day. We will seek out applicants who are underrepresented in the InfoSec space, and give them a place to launch from good to great.
CEO Marsha Wilson puts it this way as she looks ahead. “Leading a team really means hiring people smarter than you at every turn. We have grown so much this year, and I personally am so happy that such talented people have chosen to share part of their career path with us,” she said.
“It’s an honor to support, encourage, and lead such a superlative team. I am one lucky CEO.”
Poised For Success In 2020
This year, ScaleSec hired Ron Sivonda to be our VP of Cloud Compliance. As an Army Veteran and former Director at Coalfire, Ron brought a wealth of experience to bear for our clients. With his in-depth knowledge of FedRAMP and many other industry-relevant security frameworks, he has been an amazing addition and complement to our engineering and architecture experts. Ron has commented on ScaleSec’s unique approach to balancing the competing interests of attracting and keeping talent, creating a culture of compassion, and maintaining the rich, cutting-edge security expertise we are known for.
This approach made this a breakout year, in which ScaleSec attracted companies we did not expect to serve until we had been in business for many more years.
“We got to work with customers that we all read about on the news,” said Ron. “We got to be out on the pointy end of the spear in cybersecurity, which is honestly kind of hard to find nowadays.”
“I don’t think I’ve ever done work that was more relevant than the work I’m doing here right now.”
The plan is to continue to provide the same impactful work for even more customers in 2020. Happy New Year from the ScaleSec Team to all our family, friends, partners, and customers. Thank you for being on this journey with us.