Secure Digital Solutions, LLC.


April 24, 2017 Issue



Cyber Risk and Maturity Platform to Automate Security Programs



Chad Boeckmann

Chief Executive Officer





Interview conducted by:

Lynn Fosse, Senior Editor, CEOCFO Magazine, Published – April 24, 2017


CEOCFO: Mr. Boeckmann, what was the vision when you started Secure Digital Solutions and where are you today?

Mr. Boeckmann: Originally the vision of the firm was to align customers’ information security to their business objectives. Today, we have aligned with the original vision. We have refined our offerings over the last eleven years and we now manage the business of information security through both services and our proprietary platform called TrustMAPP®. We have truly pivoted the company position to be a business advisor by applying best practices to cyber security programs and respective leadership.


CEOCFO: What do you understand on a very fundamental level about security that less experienced people do not quite grasp yet?

Mr. Boeckmann: I would say that really ties in to our business value proposition where we want to look at the security program as a managed portfolio component of the business and not just an IT function. The industry is beginning to look at cyber security a bit more carefully as a business function. Here at SDS we have been able to design a methodology in an automated platform to provide organizations an ability to really align security as a part of the business function, looking at it as an investment, the performance of the program and determine the type of resources they need to achieve specified goals. Not only that, but tying those goals to risk categories, cyber risk specifically, and communicating and translating the business value of security to board of directors and executive leaderships using repeatable business-centric KPIs.


CEOCFO: Who is turning to you for services? Do many people recognize that a service like yours is available? Are they surprised when they come to you and realize you have a more comprehensive approach?

Mr. Boeckmann: Companies who are in highly regulated industries such as Energy, Financial, Insurance and Healthcare identify with our solution. Because TrustMAPP® is first to market with a security program management platform, many organizations do not realize automation exists to replace manual efforts using spreadsheets. Once customers do learn about TrustMAPP® we oftentimes hear statements like “I wish I had known about this earlier” or “This is going to save my team so much time.” We are also learning different uses for TrustMAPP® from our customers. In one recent example an insurance company is using TrustMAPP® to measure information security performance of their vendors.


CEOCFO: How does TrustMAPP work?

Mr. Boeckmann: TrustMAPP® works by measuring the performance of the security program at a process level using maturity and aligning to business objectives. We start with frameworks and regulations like NIST or ISO combined with regulations such as PCI DSS, HIPAA or FFIEC. We take a one-to-many approach and map multiple similar controls to a single process. Now, this is a fundamental step in our methodology. What we do is we measure each process based on six maturity attributes originally adopted from COBIT. Those maturity attributes are awareness, policy & procedure, automation, accountability, expertise and measurability. Each of those attributes for a given process is measured using CMM (Capability Maturity Model) of one to five. Therefore, when the organization conducts a cybersecurity assessment of their security program processes they know exactly what aspect of that process needs improving. What is very unique about TrustMAPP® is the automation of maturity with an assessment engine and pre-populated recommendations in TrustMAPP®’s assessment templates. Those recommendations indicate based on assessment scores and relative templates guidance to what needs to be improved and numeric recommendations for labor effort and estimated capital investment. With TrustMAPP® leaders can answer the question: How much is enough and what security KPIs are meaningful. The platform also provides estimates on capital expenditures that may be required for training, for software or hardware and for other one-time cash investments. These recommendations are scaled to meet the unique size of the business. We have essentially created a portfolio management platform for the cybersecurity program.


CEOCFO: Are people skeptical that you can make it as easy as it sounds?

Mr. Boeckmann: There are some people that do believe, as I have heard before, that we have “simplified it too much”. We have taken a complicated subject and with TrustMAPP® provide an organized method to align with the business that truly communicates the business value and performance of security. Therefore, when security leaders now need to present to the board of directors they can do so in a language that the board understands. Performance goals, cyber risk metrics and dollars and cents of what it would take to make improvements based on where the organization is performing today using maturity as that tool. We have had some customers that were skeptical at first and became subscribers and we have some people who have never seen it and they see it for the first time and are blown away by the capabilities packed into a simple design, so they get excited and want to leverage TrustMAPP® for other use cases within their cybersecurity program.


CEOCFO: How are you working with your customers on an ongoing basis? Are they signing up for a year license? What are the mechanics of how you operate?

Mr. Boeckmann: Generally, when a customer signs up for TrustMAPP® they engage with a multi-year relationship. This is because they see the value to using the platform to provide the business with a consistent methodology and flexible KPIs. Switching these up after a year would not make very much sense for trending and performance purposes. We provide ongoing advisory services as required. Our team of consulting experts provides assessment validations and also partners to improve customer security programs when there are areas they would like to improve. Our team of experts can assist our customers in achieving their goals in a specified time frame.


CEOCFO: How do you stay ahead of the curve in new ideas and security, new threats and new solutions, as well as the regulatory environment that comes in to play; maybe the insurance environment as well?

Mr. Boeckmann: We have seasoned experts on our team each with an average of ten years of experience. Our Chief Information Security Officer joined the team after spending multiple years with Fortune 500 companies. We also have a Chief Privacy Officer who we brought on board with a very deep background in healthcare and global privacy requirements. Both individuals are well connected in the industry and bring a wealth of knowledge to our team. Our team is part of multiple industry associations and stays very active in those. Our team also focuses on developments with most recent legislation and proposed bills related to cyber security and privacy. Additionally, our leaders continually speak with other professionals and industry pundits. We share this knowledge gained with our customers and weave it into our product deliverables.


CEOCFO: Are there certain services, topics or areas of security that many of your clients are missing? Is there a common thread?

Mr. Boeckmann: We see a common thread. If I were to generalize for just a moment the industry is coalescing around bringing [cyber] security outside of IT and speaking to the business in terms they understand. Oftentimes we speak to organizations that might be, overall, low on the security-maturity spectrum. These organizations are still functioning at a core operations level. When we come in to have the conversation we advise in order to achieve long-term success and show the value [of security] and obtain investments that are required, you need to speak to the business and translate this into conversation that the business understands. Aligning these objectives, these projects that the operations security team is working to accomplish with the enterprise business objectives that executive leadership team or the board has established. If we can create those alignments very clearly the conversation becomes very easy. The theme is translating the business value of security and just repeating that over and over again, because that is the theme that we are often seeing, not maybe necessarily being understood or applied correctly. There are still a number of organizations that are just trying to get their security program off the ground to get, what I call, the tackling and blocking done, which is the incident response process or the consistent patch management processes integrated across their environment.


CEOCFO: Are you able to help your clients understand that their customers’ or suppliers’ level of security can have an effect?

Mr. Boeckmann: That is what the industry often calls third party risk management. Our team provides managed service for customers to establish a third party risk management program. This creates a very repeatable standardized process and leveraging TrustMAPP® delivers standard scoring methodology and meaningful analytics and trending. Customers specifically in the Insurance and Financial Services industries are focusing in on TrustMAPP® to deliver a turnkey solution without a lot of customization required.


CEOCFO: Are you surprised there is no way to stop more of the security threats today or that we have not been able to be better at it yet? 

Mr. Boeckmann: No, I am not surprised. This is because it is the human element that oftentimes provides the crack in the dam, if you will. We can have all the latest and greatest technology, but all it takes is a human error. We saw that recently with the Amazon cloud. It was a typo in a configuration file that basically caused denial of service to the majority of their customers using Amazon Web Services. It goes back to human interaction, human error. Therefore, I am not surprised. The black hats out there only have to get it right one time, but we have to get it right every time. There is exponentially growing demand for talent and new talent needs to be brought in and trained and experienced security staff are sometimes difficult to retain for more than a couple of years. We as an industry have many more dynamics on the defensive side.


CEOCFO: What is next for Secure Digital Solutions? 

Mr. Boeckmann: Our “next” is to establish a global presence with our platform, TrustMAPP®, and we are beginning to have those conversations with customers in the European Union right now. We want to continually expand the capabilities of the platform. Over the next three years we anticipate tripling our subscriber base and beginning to set a de facto standard in the industry for security program management solutions; we are actually creating a new category of offerings.


CEOCFO: Why are you ready now for the push over the next year?

Mr. Boeckmann: Based on the emerging industry trends, the industry in general, for the last ten years, has really focused on operational level activities and getting the tackling and blocking done. With the NACD’s (National Association of Corporate Directors) cyber risk principles guidance for Board of Directors responsibility the industry is beginning to shift with an emphasis to align with business objectives. We are beginning to see security leadership show the intent to communicate the business value of security with executive peers. Therefore, the trend is now picking up. People are talking more about moving cyber security outside of IT, raising the conversation to a business value discussion. We have been working on TrustMAPP® for two years and now is the time to really begin wide adoption in the marketplace.

