Security DNA Is Our Foundation
Our mission is to empower every organization with collaborative security intelligence.
SecurityScorecard was founded in late 2013 by two former security leaders, Dr. Aleksandr Yampolskiy and Sam Kassoumeh, who were the CISO and Head of Security and Compliance at a large e-commerce retailer, Gilt Groupe. Dr. Yampolskiy, who has a PhD in cryptography, was also the CTO of BlogTalkRadio/Cinchcast, and has held lead technology and security roles at Goldman Sachs, Oracle, and Microsoft. Kassoumeh also lead Global Security at Federal-Mogul and has over ten years of cybersecurity experience.
In March 2015, SecurityScorecard announced $12.5 million in funding led by Sequoia Capital, with current investors participating in the Series A round. The company began earnestly with two people in early 2014 and has grown rapidly and scaled to over 100 highly-skilled, security employees worldwide today including: front- and back-end developers, threat intelligence experts, white hat security researchers, malware reverse engineers, data scientists, product managers, marketing managers, inside and outside sales staff, and customer success professionals.
Why We Built Security Scorecard
“Sam and I were assessing the security of a large financial provider who had a fraud prevention product that would help us vet all e-commerce transactions. We spent weeks talking to them and reviewing their daunting 30-page security Q&A questionnaire. At the same time, our Financial Controller was standing outside my office every day impatiently asking: ‘Why are we not expediting the security assessment? We need this product YESTERDAY!’
“In working closely with Sam, our security instincts told us that despite the pressure to sign the contract for a partnership that we desperately needed, the impatience of the deal would not cloud a deeper vetting of the partner. The vetting we really needed could not be obtained by simply working on the questionnaire and waiting for that vendor to answer deeper security questions that they were avoiding.
“We continued working on the assessment, losing money in e-commerce fraud that the solution could have prevented. We started poking around using passive security research methods and discovered on the Internet there were signs that that company was compromised. We could have lost our data if we rushed the deal. After discovering the vendor’s security issues, we incorporated specific legal provisions into the contract to protect the company.
“It was during this experience we identified the opportunity for SecurityScorecard. We thought: ‘What if we could engineer a way that would allow one company a deep view into another company’s security posture that would be instant, accurate, and independently verifiable without having to ask permission or wait around for weeks for answers to important security questions?’ We strongly believed there were non-intrusive ways to attain a clearer picture of security health of a company which could really help to speed up and complement the vetting process. This experience was an epiphany for us.”