© CEOCFO Magazine -
CEOCFO Magazine, PO Box 340
Palm Harbor, FL 34682-
Business Services | Solutions
Medical | Biotech
Cannabis | Hemp
Banking | FinTech | Capital
Industrial | Resources
Global | Canadian
Lynn Fosse, Senior Editor
Steve Alexander, Associate Editor
Bud Wayne, Marketing
& Production Manager
Christy Rivers -
Cyber Risk Visibility on Demand
Cyturus Technologies, Inc.
Interview conducted by: Lynn Fosse, Senior Editor, CEOCFO Magazine
Published – December 21, 2020
CEOCFO: Mr. Hill, what is Cyturus Technologies?
Mr. Hill: Cyturus provides an evolutionary quantifiable cyber risk quantification service where we help organizations look at their business risk associated with their capacity for cyber security and quantify where the organization should focus resources in an effort to reduce their business risk.
CEOCFO: What do you look at so you have the right input to come up with a solution that makes the most sense?
Mr. Hill: Unlike many organizations providing cybersecurity assessments focused specifically on IT from a controlled perspective, Cyturus looks at the entire business enterprise. We leverage an adaptive risk model comprised of fifteen domains providing visibility across all business units. This includes a Workforce Management domain where we interview members of the HR leadership team and discuss practices related to managing a cyber-
CEOCFO: What might you look at that people would be surprised could make a difference?
Mr. Hill: Many organizations felt they had their cybersecurity posture well established and under control. However, in today’s climate when senior leader, such as the CEO or board member asks the cyber security program leadership, “Are we secure” they follow that initial question up with “can you quantify that”? One of the things that really surprises a lot of organizations is their inability to quantify their cybersecurity maturity as an organization, not just in IT.
We find many organizations have systemic gaps when analyzing the organization as a whole, not just one or two business units. Inconsistencies in policies, standards, and guidelines that have not been reviewed and/or updated. We find other organizations that have inconsistencies and immaturities in how they manage their identity and access for users, whether it be on-
Every organization has a different set of gaps and remediation items which are outlined on a roadmap specifically designed for that organization. Lou, I am going to pass this to you because you see these from a different perspective.
Mr. Carli: I think th biggest surprise that people have is that this tool, this platform, provides critical visibility and by that, I mean, as opposed to the traditional audit and reporting which is a snap shot in time and does not reflect the adaptive nature of cyber security. Our solution is a cloud-
CEOCFO: What are you showing a prospective customer? What information might they want to see? How many parameters do they need to put in when they are looking at the screen?
Mr. Hill: We have found C-
When you ask what they look at on-
CEOCFO: Do you find that more and more companies are looking for that information, or do they even know that it exists?
Mr. Carli: We know, compared to the competitive landscape, that we have a unique platform that provides visibility and a subscription service that helps our clients manage the mitigation and remediation efforts. By that I mean traditionally you receive an audit report with findings, then you are expected to go do something about it, and 95% of the companies do not actually act on the remediation. They either do not know how, they do not have the capabilities, the time, or whatever it may be, so we bring that to bear with our team. We provide a platform that provides visibility with the added benefit to help manage mitigation efforts going forward.
Mr. Hill: To continue with what Lou is saying, this is a very significant differentiator because, as Lou said, many organizations perform an assessment on an annual basis. We find that there are very similar findings, or repetitive findings, year over year because organizations either do not have the skill sets for remediation or they lack bandwidth to focus on those findings contained within those annual reports. Consequently, over that twelve months a few of them get remediated, maybe those most critical, many do not. This is why you have repetitive findings year over year.
What Cyturus is able to bring to the table is a subscription where we assign a mitigation manager to that client engagement. They are responsible for those weekly status reports, monthly updates, quarterly reviews with senior leadership to ensure the client organization is making maturation improvements, that they are remediating those findings, and senior leadership has visibility into that maturation on an ongoing real-
CEOCFO: What were the big challenges in the Cyturus Adaptive Risk Model (ARM)?
Mr. Hill: In my former life as a consultant in this space, it was my responsibility to come in after these large assessments, dig through these 500 pages of analysis and then try to develop actionable plans, actionable roadmaps, actionable tasks and then help that organization with their limited resources implement those changes. Having spent years in this field, I realized there had to be a better way and that is exactly what we did with Cyturus. We developed a system that allows an organization to move from assessment, to finding, to roadmap, to management of the remediation, to the reporting of the progress all in a real-
The challenges were developing something that simply did not exist. We knew how to do it manually, because we had performed those functions with organizations for decades because that was how the industry worked. However, we were able to create a platform that automates much of the manual effort, and provides visibility at every stage. In addition, doing that through a SaaS platform created a portal that our customers find very useful and they are extremely engaged throughout the lifecycle because it provides them visibility on real issues within their organization which are all tied to reducing business risk.
CEOCFO: Are you providing one solution or are there different modules that a customer might choose?
Mr. Carli: The solution is all encompassing, the Adaptive Risk Model, allows us to be very flexible in our capability and to address various compliance needs. When it comes to modules, we do not necessarily break it down in modules only because it is much more effective if we have wholistic approach, as opposed to a piece meal. We do not feel like we provide the necessary visibility and we leave the organization with blind spots. However, we are flexible when it comes to pricing and subscription models based on size of organization and number of employees.
Mr. Hill: Various organizations have differing requirements. Some organizations have a CMMC for the DoD, other organizations have HIPAA or PCI. We have the flexibility based on the organization, the size of that organization, the compliance requirements of that organization, the vertical or even the industry of the organization, because we deal with power companies, manufacturers, healthcare companies, to tailor the assessment specifically to their needs as an organization. However, as Lou pointed out, the service offering is the same. It consists of the establishment of a baseline, the measurement of the findings against potential business risk, the prioritization of those remediation findings, and then that remediation roadmap creation, which ultimately ties into CMaaS (Cybersecurity Maturation as a Service) solution offering that we have been talking about which facilitates improvement over time that is measurable.
CEOCFO: How are you reaching out and how would someone know what to look for to find Cyturus?
Mr. Carli: There are a several ways we go to market along with several ways to contact us. Our website is www.cyturus.com, you can email us; firstname.lastname@example.org, or you can reach us by calling 844-
CEOCFO: What has been the impact of COVID?
Mr. Hill: One of the things that has been impacted is the way which we interact with our customers. Historically we have gone onsite and we have had in-
Another impact of working from home has, in some cases, provided resources some bandwidth and organizations have been able to take on a project like this. They have recognized their need based on the rush to provide work-
Mr. Carli: COVID exposed several risks and challenges to organizations. One of the biggest risks from a cybersecurity perspective was remote work-
CEOCFO: Why pay attention to Cyturus Technologies?
Mr. Hill: I think the biggest thing is the desire for quantification of business risk. So many organizations have spent millions on cybersecurity, yet we have seen a year-
Cyturus takes a different perspective. We help the organizations uncover what those root issues are and to focus their resources, that is not just people, it is money and tools as well as their energies within the organization and to those areas of their enterprise that are going to be effective. Focusing on reduction of actual business risk. To put it all together, if an organization wants to truly understand where they are in their cybersecurity maturation process, identify their gaps, measure their business risks, and to apply focus specifically on reducing business risk and potential impact as well as improving their cybersecurity culture, Cyturus is the answer.
Cyturus Technologies, Inc., Robert Hill, Measure Cybersecurity Effectiveness, Manage Cyber Security, Lou Carli, Cyber Risk Visibility on Demand, CEO Interviews 2020, Business Solutions Companies, Government Services Companies, Healthcare Solutions Companies, Finance Solutions Company, Manufacturing Solution Company, Measure Cyber Security Risk, Manage Cyber Security Risk, measure cybersecurity risk, manage cybersecurity risk, Manage Cyber-
“Senior leadership has visibility into that maturation on an ongoing real-
Founder & CEO
Chief Revenue Officer