To create a new language for companies and their partners to communicate, understand, and improve each other’s security posture
SecurityScorecard was founded in 2013 by two former security leaders, Dr. Aleksandr Yampolskiy and Sam Kassoumeh, who were, respectively, the CISO and Head of Security and Compliance at a large e-commerce retailer, Gilt Groupe. Dr. Yampolskiy, who has a PhD in cryptography, was also the CTO of BlogTalkRadio/Cinchcast and has held lead technology and security roles at Goldman Sachs, Oracle, and Microsoft. Mr. Kassoumeh also lead Global Security at Federal-Mogul and has over ten years of cybersecurity experience.
Scorecarders believe the best innovations, solutions, and foresight come from our unique perspectives. We are guided by our commitment to learn, be flexible, and adapt in pursuit of innovative defense solutions. By promoting diversity, we cultivate empathy and innovation enabling us to provide essential insights to our customers. We are #onescorecard
We promote a company culture that is driven by innovation that enables us to execute on our vision and deliver solutions to our customers that reduce risk, improve security, and provide measurable business value.
Sam and I were assessing the security of a large financial provider that offered a fraud prevention product for vetting all e-commerce transactions. We spent weeks talking to them and reviewing their daunting 30-page security questionnaire. At the same time, our Financial Controller was standing outside my office every day impatiently asking, "Why are we not expediting the security assessment? We need this product YESTERDAY!"
Our security instincts told us that despite the pressure to sign a contract for a partnership we desperately needed, the impatience of the deal would not cloud a deeper vetting of the partner. The evaluation we needed could not be obtained by simply working on the questionnaire and waiting for the vendor to answer the deeper security questions they were avoiding.
We continued working on the assessment, losing money in e-commerce fraud that the solution could have prevented. We started poking around using passive security research methods and discovered signs on the Internet that that company was compromised. We could have lost our data if we rushed the deal. After discovering the vendor’s security issues, we incorporated specific legal provisions into the contract to protect the company.
It was during this experience we identified the opportunity for SecurityScorecard.
We thought, "What if we could engineer a way that would allow one company a deep view into another company’s security posture that would be instant, accurate, and independently verifiable without having to ask permission or wait around for weeks for answers to important security questions?"
We strongly believed there were non-intrusive ways to obtain a clearer picture of the security health of a company, which could really help speed up and complement the vetting process. This experience was an epiphany for us.
No waiting, 100% Free
Get your free scorecard and learn how you stack up across 10 risk categories. Answer a few simple questions and we'll instantly send your score to your business email.