The mission of Turnaround Security is to tackle “hard problems” in the information security and privacy domains, innovate creative solutions, bring them to market, and offer innovative cyber security information services.
One need not look very far today to see the massive extent of personal, business, and financial data breaches resulting from systems that are not secure and resilient against insider threats, hackers, criminals, terrorist organizations, and adversarial nation states.
This state of insecurity and lack of resilience impacts society in numerous ways. We are at the early stages of the evolution of product liability law pertaining to information security and privacy. Take, for example, mandatory seat belt laws. These laws were passed after a certain level of deaths and expenditures by insurance companies reached the point where the government had to step in. In many businesses, security and privacy hardening by design takes a back seat to getting the product out the door and making a profit. The result is a fragile information technology infrastructure that seems to require billions of dollars per year of products and services provided as bolt-on solutions to this systemic problem. Meanwhile, the personal information of billions of individuals, their financial account details, proprietary information of businesses, and sensitive government data have fallen into the hands of criminals, terrorist organizations, and adversarial nation states, who certainly do not have our best interests in mind. The lack of individual control and ownership of the disclosure and maintenance of personal private information just further exacerbates the problem. In some cases the breaches extend to one’s family, relatives and friends—even to the point of compromising national security.
We envision a world where security and privacy hardening by design is front-of-mind when defining requirements and designing hardware and software. We envision a world where hacks are precluded by design, systems monitor for and respond to abnormal activity, and where system components work together to form an agile security architecture that is responsive and resilient to attack. We also envision a world where individuals have ownership and control of the disclosure and accuracy of their sensitive personal information. Many people are already working on different aspects of these best practices and solutions. However, they all need to be applied together to be effective. Businesses and industry must continue in this direction prior to the government stepping in and passing changes to product liability law to hold product companies and their business users more strictly accountable for these inherent flaws. We envision a generation that no longer suffers from apathy pertaining to privacy and data breach fatigue—a generation that once again has control over its private information.
There are a number of hard problems that need to be solved to achieve this vision. We aim to Turnaround Security through elementary yet holistic solutions to these problems.
Our principals have experience as Chief Information Security Officer, Enterprise Security Architect, Security Engineer, DevOps Engineer, Process Consultant, Lead Product Demonstrator, Paralegal, Game Developer, Programmer, and Electronics Engineer. They have served major corporations and government agencies, including the Department of Homeland Security, The United States Mint, The World Bank Group, Barclays, IBM, General Dynamics C4 Systems, Lockheed Martin, The Vanguard Group of Investment Companies, Chrysler, Visa International, Verizon Communications, United Services Automobile Association (USAA), UnitedHealth Group, U.S. Department of Justice, Hostess Brands, Revlon, Neiman Marcus, and Bloomingdale’s.
The concept that spawned the creation of Turnaround Security has its roots in 2014, when our founder was working as an Enterprise Security Architect on a large government project. Faced with development leads who created system security plans that were lacking in quality, the ideas leading to AppSec Designer™ were born. Prototypes were built and presented at various Open Web Application Security Project (OWASP) chapter meetings, Shmoocon Epilogue, and the 2016 SABSA conference in Dublin, Ireland. The project has since been turned into an OWASP project.
Our team is composed of three family members, and has been supported by over 12 professionals in various fields, including graphic design, web site development, news, social media, communications, financial management, product development, and advertising.