St. Louis Park firm develops its brand in IT security

Chad Boeckmann, founder and CEO of information security company Secure Digital Solutions, focuses on helping corporations and government agencies avoid data breach risks like those that affected the data of millions of customers at Target and Neiman Marcus.

As with many entrepreneurs, calculated risks played a key role in building his St. Louis Park-based company. The first, says Boeckmann: persuading his wife to cash out their retirement accounts to launch the firm in 2005 after he left a corporate information security position.

More recently, Boeckmann has invested in branding by hiring practice leaders with at least a decade of experience and certification in their disciplines and developing proprietary products and services. Those include an Information Security Dashboard that gives executives an easy-to-read snapshot of their information security program, with green, yellow and red colored boxes showing where the company stands on dozens of security-related activities. Red means major improvement is in order.

Boeckmann's overall goal has been to refashion what began as a business built around the skills of Boeckmann and a number of subcontractors into a company with a brand known for local market leadership and competitiveness with the Big Four audit firms.

In addition to the branding efforts, Boeckmann in 2011 hired his former subcontractors as employees. The two moves paid off as revenue grew 40 percent in 2012 and 45 percent last year, reaching $2 million. Boeckmann projects a 50 percent increase this year. He expects the company's staff, which doubled last year to 10 employees, to double again by the middle of next year.

"This is validation that, in making that decision to build on the brand, invest in the people and establish these proprietary processes, the market has responded well to those actions," Boeckmann said.

Secure Digital Solutions, or SDS, offers technical security services and governance, risk and compliance services to help companies address information security, data protection and regulatory needs. In some cases, it manages all or part of a client's security program.

While news of Target's massive data theft may bring more interest in information security, it came as no surprise to Boeckmann and, he said, shouldn't to businesses of any size. Company owners and executives need to realize that they face changing security risks every day, he said.

"Security is not an event," Boeckmann said. "Once you have a system, a program established, you realize it's part of doing business. It's a continuing process. … Cyberspace is the new battlefield. It's up to the information security leaders and experts to find the problems before the bad guys do and fix those problems before the bad guys exploit them."

Cirsten Paine, director of information security at Medica, uses SDS' Information Security Dashboard to illustrate its security work to senior leadership. "It's such a good and quick picture of where our information security posture stands," Paine said.

Chris Caldwell, CEO of LockPath, an Overland Park, Kan., company that offers a software platform for managing governance and risk compliance initiatives, said his company's teams and clients have had positive experiences when SDS has served as a partner on implementations or special projects.

"They're great people, first, and they're very good at their jobs," Caldwell said. "In the consulting space, that's critically important."

The company's product-enabled model, with its Information Security Dashboard, is a best-in-class approach, Harvath said, and specializing in a fixed group of markets is wise. Clients likely will be looking for subscription-based services as processes and data move quickly to the cloud.

Harvath said the only constraint is likely to be finding qualified talent, a problem most tech companies face.