It’s Really All About You
Critical Start was founded with one goal: Improve the security capabilities of our customers. We accomplish this goal using a strategy-based approach called the Defendable Network.
We’re a different kind of security company. We’re here to help our customers navigate the ever-evolving security landscape by offering an unbiased perspective from a team of passionate, cybersecurity experts. We know you will always understand your infrastructure, culture, and policies better than any third party. Our perspective, combined with your organizational expertise, results in better decision making and a stronger security posture.
Owned by Employees, Driven by Your Needs
Critical Start is a 100% employee owned company. Why is this important? The lack of private equity, debt, or venture capital funds allows Critical Start to prioritize long-term relationships versus short-term quarterly objectives.
We created the Defendable Network to offer a common-sense approach to complex security standards to achieve a specific Security Readiness Condition (SecCon) level. This proven security framework seeks to prevent initial compromise, restrict lateral movement, and swiftly respond to breaches. Our prioritized roadmap considers common-sense requirements like user experience, operational expenses, implementation efforts, and business needs.
SecCon levels range from 5 (highest risk with lowest resources) to 1 (lowest risk and most resources). The progression from 5 to 1 is exponential, with headcount and cost doubling each step along the way. This is not a maturity model, but rather a desired outcome for an organization to match risk tolerance, budget, and threats of concern. The methodology is not to determine which products (if any) should be purchased, but to define a set of capabilities to accomplish specific security goals. The effectiveness of those capabilities lean heavily on another aspect of security that drives our approach: the people aspect. Good governance and processes, as well as secure architecture and configuration all play a crucial role in any security program.
Our Guiding Principles
57 65 20 64 6f 6e 27 74 20 64 6f 20 74 68 69 6e 67 73 20 74 68 61 74 20 73 75 63 6b 2e
We’ve experienced double digit growth every year since our inception.
We believe our success is a direct result of an unwavering commitment to our guiding principles.
Rule #1: Do what’s right for the customer.
We’re here to help customers find the right solutions for their specific needs. Those solutions can vary widely between organizations. Our deep expertise enables us to understand each customer’s environment and business needs and recommend the right mix of security controls to fit. Sometimes that means adding solutions from one of our partners. Other times it’s simply maximizing their use of an existing product, adding the right security headcount, improving processes, or changing configurations. In every case, our focus is identifying the path to measurably improve their security posture.
Rule #2: Good enough isn’t.
Mediocre isn’t in our vocabulary. We hold ourselves and our partners to a higher standard. From capabilities, service delivery, and our MSSP we expect the best. Our partners’ products and services go through a detailed Solution Validation process to ensure the highest standards are met before we recommend them to any customer. If we encounter a challenge, we go back to Rule #1, “Do what’s right for the customer.”
Rule #3: Do what’s right for our employees.
Our team is comprised of experts who are passionate and knowledgeable about security. We recognize the importance of attracting and retaining top talent. At our nimble, growing company expectations are high, but so are the rewards and respect.