Kennedy launched TrustedSec from the basement of his former Berea home seven years ago. At the time, the CIO had made strides in creating a more security-conscious atmosphere at Diebold while patching holes in its legacy security infrastructure, but he wanted to extend his expertise to other organizations.
Today, the security consultancy employs 65 people. About 35 work out of its Pearl Road office in Strongsville, with remote workers scattered across the country and a few employees overseas, including in Norway and London, for its European clientele.
The private firm does not share revenue figures, but Chris Boesch, sales and marketing vice president, said business has spiked 35% in each of the last two years. Last month alone, TrustedSec added 11 new hires, he said, and expects to have up to 60 Cleveland-area employees when it moves to Summit County in late 2020.
TrustedSec specializes in assessing security threats and advising organizations on how to address flaws and/or enhance their protective features. It performs simulations to hack into a client’s website, executive emails and databases with sensitive information such as customer credit cards or employee Social Security numbers. Consultants also hop fences and attempt to physically intrude in their clients’ offices to gain access to internal servers and computer terminals.
In addition, the firm provides incident response for organizations that have experienced a cyberattack.
“We boot the hackers out, get all the hooks out of the system and figure out how the initial breach occurred,” Kennedy said.
TrustedSec’s sister company, Binary Defense Systems, provides subscription-based endpoint monitoring of a company’s phones, laptops, computer terminals and servers, as well as remote threat response.
Kennedy said TrustedSec’s client roster does slightly mirror Northeast Ohio’s strong presence in finance, health care and manufacturing, but growth has been driven more broadly by an increasing awareness about the cyberthreat landscape among enterprises of all types and sizes.
“What is great about cybersecurity as a business model is that it reaches across all industry verticals,” he said. “So we work with small to medium businesses that make little widgets to the biggest companies in the world. We do work with the Fortune 500, the Fortune 1000, even entire countries securing their infrastructure.”
Many small and midsize businesses struggle to properly address cybersecurity alone because their modest IT staffs are focused on the day-to-day operations of keeping systems up and running, Kennedy said. Meanwhile, larger organizations with dedicated IT teams can find it challenging to hire and keep security professionals due to the limited talent pool.
Jess Walpole, vice president of global IT security and operations at Cleveland-based Lincoln Electric Co., said in some cases, companies can’t justify acquiring such specific skill sets full-time. According to Walpole, Lincoln Electric has contracted with TrustedSec to assist with enterprise security.
It’s not practical to retain an internal team of incident-response individuals with the breadth and depth of skills of what Kennedy can provide, Walpole said. “Our team supports initial assessments, and we partner with his firm to extend out capabilities. … As threats continue to become more sophisticated, there is a growing need to find trusted partners like TrustedSec to augment our own bench strength.”