An Interview with Jake Kouns, Risk Based Security® Co-founder and CISO: ‘We Equip Our Clients with the Most Comprehensive and Detailed Vulnerability and Breach Intelligence Available on the Market’

“RBS continues to innovate and lead the risk intelligence market and security industry, with best-in-class data at the heart of its vulnerability management and organizational risk rating platforms.”

You cannot focus your efforts on realizing your vision if you are worrying about the security ecosystem of your organization. You need to know where you are vulnerable, and how to prioritize risk management efforts. That means you need a comprehensive vulnerability intelligence solution that traditional services cannot provide.

For that reason, we’re delighted to present Risk Based Security (RBS).

The company is a leader in vulnerability intelligence, breach data, and risk ratings. It equips its clients with the most comprehensive and detailed vulnerability and threat intelligence available on the market. The Company’s products enable organizations to make data-driven decisions in a timely manner to effectively prioritize and manage risk mitigation. The firm reveals the security of the vendors their clients work with, and offers on-demand access to high-quality security and information risk management resources in an easy-to-use web portal or through an API for easy integration into GRC tools and ticketing systems. The Company was founded in the year 2011 and is headquartered in Richmond, VA.

In Conversation with Jake Kouns, Risk Based Security Co-founder & Chief Information Security Officer

What is the reason behind the founding of Risk Based Security? How did you expand your company and its offerings over the years?

RBS initially began as two data intelligence feeds supporting information security and risk management. Cyber Risk Analytics^® (CRA) contains security ratings on organizations and data breach analytics, while VulnDB^® is the largest collection of software vulnerabilities available. Both were initially offered as standalone services, with the data accessible via the SaaS portal or RESTful API. More recently, VulnDB and CRA have been integrated into other popular security products such as Splunk, RSA Archer, ServiceNow, JFrogXray, Recorded Future, Brinqa, and Polarity to name a few, bringing customers more options for accessing our intelligence.

What challenges did you face in your initial years?

When we started RBS in 2011, we faced the task of finding clients who were willing to try a new approach to managing software vulnerabilities and organizational risk. Building a team to develop, deliver, and service the products was not far behind while retaining a culture true to our values and principles. Real growth took off as prospective clients heard about our new approach and the quality of the data we were providing.

How successful was your first project?

Our first product featured a comprehensive database covering all publicly reported data breaches, and came to be known as Cyber Risk Analytics (CRA). Success came early as CRA was the first comprehensive database of data breach details in the market. Our early adopters were enterprise clients and cyber liability insurers, who embraced the wealth of historical information we could provide. From there, the Cyber Risk Analytics service grew to include vendor risk ratings, known as PreBreach, while our software vulnerability product, VulnDB, started to take off. The combination of the two products has been widely embraced by the marketplace, with some customers taking advantage of both services.

Is your company a leader or follower?

From our first day in business, Risk Based Security offered organizations access to vulnerability intelligence data that would make a difference. Not the old flawed approach to data intelligence, but a new level of quality, comprehensiveness, and timeliness that would provide organizations, (and security service providers), the opportunity to apply true risk-based security to the threats they face every day. RBS continues to innovate and lead the vulnerability intelligence market and security industry with best-in-class data to drive its vulnerability management and organizational risk rating platforms.

If you have to list five factors that have been/are the biggest asset to your organization, what would they be?

• We do what is right, honest and fair with clients, our people, and business partners.
• Each team member takes personal responsibility for the success of our company, products, and services.
• We anticipate and address the challenges of the security industry and our clients.
• We continuously innovate and improve.
• Each team member respects, collaborates, challenges and cares about others, our clients and partners.

What are the factors that make your company stand out from the competition?

We launched Risk Based Security with the goal of becoming the premier vulnerability and organizational risk management firm in the world. By hiring the best people in the security industry, and by establishing a reputation for providing innovative, technology-enabled risk intelligence services, our clients have come to expect RBS to deliver the highest quality, most comprehensive vulnerability, and organization rating data in the market. We build on that reputation every day by delivering innovative, value-adding products and services that continue to drive the security industry forward.

Where do you see your company a couple of years from now?

Today our data drives many of the most well-known security services on the market. In a few short years from now we expect our data to be globally recognized as the most timely, highest quality and most comprehensive intelligence available, and the go-to data source for companies who want to make risk-based security decisions. With the massive deployment of Internet of Things (IoT) devices, combined with the rise in cybercrime, ransomware, and more sophisticated cyber-attacks, we see our data deployed in a growing number of businesses, governments, educational institutions, and consumers alike. As we continue to integrate with global security platforms, accessing our data will be the standard when it comes to risk-based vulnerability management and organizational ratings.

The Leaders Behind Risk Based Security’s Rise

Jake Kouns: Jake Kouns, Co-founder, serves as the Chief Information Security Officer of Risk Based Security. He previously oversaw the operations of the Open Sourced Vulnerability Database (OSVDB.org) and DataLossDB. Jake holds a bachelor’s degree in business administration and a postgraduate degree in business administration from James Madison University, with a concentration in information security. In addition, he holds a number of certifications, including ISC2’s CISSP, and ISACA’s CISM, CISA, and CGEIT.

Barry Kouns: Barry Kouns, Co-founder, serves as the Chief Executive Officer for Risk Based Security. He has an overall experience of 20 years in building information security and professional services businesses. Barry leads the organization’s efforts to grow the global demand for RBS’ cyber-threat security intelligence, risk management services, and consulting solutions. Barry is a CISSP with a degree in Statistics from Virginia Tech and holds a postgraduate in Industrial Engineering from NDSU. He is an ISO 27001 Trained Auditor & ISMS Implementer and is ITIL Foundation Certified.

“We provide innovative, value-adding products and services that continue to drive the security industry forward.”