When we set out to build TALAS in June of 2021, we knew what we were after. We wanted to build a Cybersecurity service that made sense of it all. A service that would allow people to simplify cybersecurity, get organized around cybersecurity control, and know where to focus resources to strengthen their cybersecurity program. Simple, right? It was time to invest in a whiteboard. This is how we got there…

We knew we needed to make Cybersecurity simple.

Cybersecurity is complex. An effective cybersecurity program will cross multiple security domains including Access, Networking, Risk, Governance and Incident Response to name a few. These domains are complex enough on their own to require dedicated teams to implement and administer these functions properly. The complexity within cybersecurity comes from needing all of its parts to work together seamlessly. Knowing this, we needed to figure out how to take this overwhelming thing and make it easy to understand, connect and consume. After months of discussion and research we found our answer, control. This led us to develop a proprietary framework that allowed us to focus all of the basic elements of cybersecurity back to a single concept, control. This was the birth of the TALAS Control Stack, a way to make sense of any cybersecurity program and a way to make complex concepts easy to organize and simple to understand.

Cybersecurity does not work when it’s just point-in-time.

Another issue we had to tackle is the speed at which cybersecurity moves. The cyber landscape is constantly evolving. Networks, threats, technology, the attack surface are all in perpetual change. The speed at which cybersecurity moves makes point-in-time services obsolete. As a result, we knew we had to change the way traditional assessments work. We needed assessments to be fast, efficient, and to ensure that our services would not just inform but would enable. This meant that our customers had to be equipped to take action and to leverage the tools and methodologies we would deploy to ensure their program continued to move forward well after we were gone. This is why tools and reuse became such an important part of our service delivery. We didn’t just build the assessment mechanism but focused on building the tools and processes that would ensure that our clients were equipped to keep their program moving.

“This meant that our customers had to be equipped to take action…”

Success is about knowing where to focus limited resources.

As powerful as simplification can be, success in the Cybersecurity space is really about prioritizing risk and knowing where to focus. This is why our assessments are built around identifying and addressing the quickest risk reductions first. On average 40% of our directives are low cost / low effort and can immediately reduce risk with minor configuration changes, in most cases without incurring any cost. The key for us was being able to ask the right questions at scale. We knew that most organizations have a tremendous amount of institutional knowledge, but only a fraction of that information is actually written down, let alone kept up to date. This led us to focus on building mechanisms that would extract that institutional knowledge from entire organizations, allowing us to accurately identify where opportunities for risk-reduction exists. Once we identified how to get at the right information, it was as simple as building the formal tools and processes that enable our clients to manage their risk.

“…can immediately reduce risk with minor configuration changes, in most cases without incurring any cost.”

So, what’s it like working with you?

We love Cybersecurity. We spent our career building large complex cybersecurity programs for enterprise companies. With shifting threat trends and the proliferation of attackers targeting the most vulnerable, it was time to make enterprise grade cybersecurity available to everyone. For us, this is about the mission. This is about our ability to enable our customers to control their cyber risk. We have found that most organizations have many of the components needed for a foundational cybersecurity program and with minor changes, they can make major impacts. As we go through and complete our services, our clients are excited to see all of the opportunities they have to immediately reduce risk. We have found that everyone wants to secure their network, it’s just overwhelming. Once you know where to start, it all makes sense.

“…with minor changes, they can make major impacts.”

What’s a TALAS?

We get asked about our name a lot “Why TALAS?” As we were building TALAS, we had multiple conversions about why we were building the company. We wanted to know who we were, what we wanted to accomplish and why we were doing this. As we dug deep into these questions late into the evening hours, we kept coming back to different variations of the same statement “If we could just get organizations to take a look at security.” Over and over, we would discuss different topics it would come back to this same theme “… if they would really Take A Look At Security” So when it came time to name the company, the answer was literally scribbled across all of our notes, staring back at us. TALAS is actually an acronym, this is why it is always capitalized. It is made up from each first letter from the statement “Take A Look At Security.” For us this is not just a name, it’s part of who we are, it’s how we think, and it’s why we are here.