John Harmon, promoted this month to president of FRSecure, is working to advance the Minnetonka-based information security consultancy’s mission to “fix the broken security industry.”
FRSecure assesses information security vulnerabilities, develops risk-management plans and helps clients execute them, Harmon said. Clients include companies in regulated industries such as financial services and health care and organizations that serve them.
“We get upset when we see people victimized in this way,” Harmon said of breaches or unauthorized access to confidential business information. “[We] want to squeeze every last drop of good security juice out of whatever we’re doing and provide the most value.”
Harmon, who was previously chief operating officer, joined FRSecure in 2012 with more than a decade of business leadership and information technology-industry experience. FRSecure, which was founded in 2008 and employs 75 people, has grown 40 percent a year in the past few years, Harmon said. While demand for information-security services is rising sharply, he said, the industry faces a steep talent shortage.
To help address that, FRSecure since 2010 has offered free classes to help prepare people for the Certified Information Systems Security Professional (CISSP) exam, Harmon said. “A lot of our customers attend and their team members then become better at security, which helps them with the mission,” he said.
Q: How is the information security industry broken?
A: We see a lot of bad guidance or advice being given out that is more for the sake of selling a product. We don’t sell hardware or software. We’re strictly advisers and consultants. We help organizations understand their security challenges, what’s the most effective way to tackle them and give them the unbiased view of how to go about that.
Q: What are any new goals or priorities as president?
A: A huge initiative we have this year is going to be around the customer experience and customer service. We want to shore up some of those processes and get [customers] going from “we like working with FRSecurity” to creating mad fans of ours who help us evangelize and bring the mission to whomever they can.
Q: What are some considerations in deciding between hiring a full-time information security officer or using a virtual one such as FRSecure?
A: A lot of [companies] participate in that because of the shortage of expertise in our industry. They can’t find those people to hire full time. A lot of our clients who are in the handful of employees up to maybe a few thousand couldn’t keep a full-time security officer busy. It’s better to rent one part time and get that help than to go out and hire somebody that you may not find and you probably can’t afford.