The proverbial bike shop
Chad Boeckmann, CEO and founder of TrustMAPP, believes that security leaders are the driving force to innovative solutions becoming successful. “Ultimately CISOs vote with their dollars and by peer-to-peer exchange of ideas and solutions that are working,” he says.
Security leaders, Boeckmann says, should constantly be on the lookout for solutions that either solve new challenges (e.g. reduce manual effort) or reduce cost with legacy automation. Additionally, they should make themselves visible – present, deliver presentations, write a blog or a white paper or become a guest on different podcasts. Doing so will help the market respond to the challenges and new approaches that they raise while building their own brand.
Defining a goal
Boeckmann had an early go at entrepreneurship. At age 12 he had a newspaper route in his hometown of St. Augusta, Minnesota. “It was rewarding. It got me outside and I was able to exercise,” he says. Aside from delivering the papers on his bike, he also had to collect payments from his customers. Out of this experience came a desire to set up his own business. At that time, it was to own his own bike shop.
“That began a journey for me. I looked at all the skills I would need in order to make owning a business a reality.”
By the time he finished college, however, Boeckmann had set aside his bike shop aspirations and found himself steeped in technology. “I knew then in the late ‘90s that information security was going to be a big thing,” he says.
What remained was his practice of acquiring the skills he believed he needed once he had settled on a goal. And so he obtained the necessary certifications – the GSEC, CISSP, the CISA – and worked as a consultant to get to know various enterprises’ security needs in a short amount of time. Through this experience Boeckmann began to assess how customers’ information security needs could be met in a more effective way.
In one of his customer meetings, a CIO raised a set of questions: “Where is our security program today, where do we need to be, and what is it going to take to get there?” That set of questions got Boeckmann thinking about the value he wanted to provide his customers on a broader scale. This set of questions ultimately was the genesis of TrustMAPP®. “Our team began to apply and refine an approach with our customers to create a repeatable process that is highly automated. And then we constantly improved the capabilities by obtaining feedback from our customers and refining it accordingly. This approach is still core to our product development lifecycle today, three years later.”
Different yet similar
Having been in the security industry for more than 20 years, Boeckmann has been able to observe the security landscape. “A lot has changed, but a lot has also stayed the same.”
Back when he started his career, most companies’ definition of security focused on network perimeter security and access control. “But today the perimeter has become almost transparent, so you have to focus instead on data management.”
Despite this, the broader heading of risk management has been around a long time and Boeckmann believes that old challenges should be tackled in new ways. “We are beginning to see a new form of risk management tools emerge to quantify risk. I believe there are still two general camps, the camp that focuses on operational metrics like vulnerability numbers and results of phishing exercises. Then the other camp that focuses on performance of security as it is aligned to the business objectives. Operational metrics like vulnerability count and results of a phishing exercise are important and should be monitored however they are table stakes and not drivers of business objectives. These types of activities often fall into the maintenance category,” he says.
Another challenge that doesn’t seem to yet be solved is companies’ ability to build security into their processes at the outset, rather than as an afterthought.
“The challenges we’ve been dealing with for the past 20 years are likely to remain for a while but in a difference context,” Boeckmann says. “For example instead of focusing on internal-centered processes and controls we as an industry must now adapt process and controls to shared services like cloud services and evolve from a 100% on-premise model. Cost and convenience, in my opinion, are the ultimate business-drivers for this change.”
The opposite of micro
Boeckmann describes himself as an executive who hires people who do a better job than he can in specific areas. “I am the opposite of a micro-manager,” he says, “I like to hire and manage toward people’s strengths and also challenge them, asking team members to create stretch goals and take on tasks outside of what they have been used to.”
“There are many forms of learning and I think a big part of it is pushing people beyond their comfort zones, so they could prove to themselves that they can actually do what they thought they couldn’t.”
No business is successful by a single individual. “The success a company is a result of a team of people, who are all working together for the same mission and ambition. The team is not just employees but advisors, customers and consultants.”
Boeckmann takes pride in knowing how to bring people together for best results. “It comes down to skill sets, personality, and culture.”
Boeckmann likes spending time with his family, going to the lake in his native Minnesota and taking the occasional scuba diving trip.
He also started a podcast in early 2018. “I really enjoy it. I get to talk to and listen to very interesting people from across the country with varied backgrounds. The podcast is titled the Business of Security Podcast Series.”
The podcast focuses on the business and leadership aspects of security. “We focus on how security drives value for the business and get the perspective of executives. We want to raise the volume of the global conversation about how (cyber) security is a core function of the business instead of something that is just a by-product of the technology department.”
Boeckmann says three virtues have served him well over the years: Integrity, humility and gratitude. “I feel honored to know the people I do. This includes our advisors, our customers, and peers in the industry. Being part of this community is really special, and I appreciate learning from their experiences and their knowledge,” he says.
More than anything, it is Boeckmann’s inherent good spirits that have allowed him to prosper and thrive. “If I had a bad day on Monday, I don’t allow that to wreck the rest of my week. So, Tuesday is gonna be a fresh start and I make that a conscious choice. I begin each day thinking it will be the best it can possibly be.”
He may not have been able to actualize his childhood dream, but Boeckmann has certainly found his place. “This is my bike shop.”