Below is our recent interview with Michelle Smith, Director of marketing and strategic partnerships at BARR Advisory:
Q: Michelle, any highlights on your recent announcement?
A: Together, BARR Certifications and BARR Advisory are one of only nine firms in the nation that meet requirements of the ANAB and the American Institute of Certified Public Accountants (AICPA) to issue both ISO/IEC 27001 certifications and SOC 2 audit reports, respectively. This means that organizations seeking ISO/IEC 27001 certification and a SOC 2 audit now have a unified team of auditors to perform both assessments.
Q: Can you give us more insights into your offering?
A: ISO/IEC 27001 is the globally accepted standard that defines the requirements of an Information Security Management System (ISMS) for service organizations. ISO/IEC 27001 certification from an accredited certification body means an organization has demonstrated adherence to those requirements. Accreditation by the ANAB—the largest multi-disciplinary accreditation body in North America—validates BARR’s competence and independence in assessing the people, processes, and technology within a service organization’s ISMS.
Q: What can we expect from your company in the next 6 months? What are your plans?
A: In the near future, we anticipate continued demand for cybersecurity and products, but our ultimate vision is greater automation and collaboration. To manage cybersecurity risk, we need great visibility into the threats. Today, we spend countless hours with outdated assessment and manual audit techniques. These hours may achieve compliance, but they distract us from a higher calling with real security. Compliance is important because it creates a standard way to communicate externally, but the resources put toward compliance take away from thinking through evolving threat models that a compliance standard or regulation cannot possibly see. Our goal is to automate close to 100% of the primary compliance reporting such as ISO, SOC, NIST, and others so we can focus on the real value add of addressing cybersecurity strategy and evolving threat models.
Our vision of collaboration is twofold: we want to create a collaborative security culture and minimize the barriers to entry in the field of cybersecurity. Short-term pain is always worth it for the longer-term gain, and we are all responsible for being more forthcoming with our issues and gaps. A culture of continuous improvement is needed, rather than assuming that a compliance report is the end goal. Today, businesses are too timid to share their security vulnerabilities with prospects, customers, regulators, and stakeholders because of the fear of not closing a deal or receiving a huge fine or penalty. A change in thinking is needed to recognize we are all in this together to solve the same problem of achieving confidentiality, integrity, and availability in our interconnected systems. Our vision here is to help our clients by partnering with their customers, vendors, regulators, and other stakeholders to solve problems instead of thinking this is an individual company’s issue.
Because cybersecurity is always evolving and a human issue at its core, our vision is to continue to build out our platform to cast a wider net for pulling in cybersecurity talent. Cybersecurity can be intimidating when you read job postings that require tons of certifications, years of experience, special degrees, and specific technology needs for very entry-level positions. Our vision is to change that by collaborating with partners to minimize the barriers to entry and to fill a more robust pipeline of cybersecurity talent the industry demands.
Q: What is the best thing about your company that people might not know about?
A: We take a human-first approach to cybersecurity. Whether you’re a thriving SaaS startup or a well-established enterprise, when you partner with BARR, we’ll educate and empower your people, show you how to use security as a differentiator, and connect you to the best-fit industry experts and tools. With BARR, your challenges are our challenges; our successes are collective; our one team is unified. Bring us your security and compliance pain points, and we’ll work with you to solve them. Our goal is a simple one: to secure the world.