Security Experts:

Security Startups: Interview with Brinqa President and co-founder Hilda Perez

Security Startups Feature on Brinqa

Company: Brinqa  |  Who: Hilda Perez, President and Co-founder

SecurityWeek: How did you start out in the computer field and in particular, security?

Hilda: My career spans over 20 years of just focusing on technology – hardware, and mostly software. I started out at the university, administrating and getting to know how things work. From there I moved to Motorola to manage their 24x7 Ops. I continued to Tivoli, which was my first experience with startups. There I was solely responsible for the software, managing all their security ops. Today Tivoli is owned by IBM and the software focuses on admin management.

Photo of Hilda Perez
 Hilda Perez, President and co-founder of Brinqa

I later met a few founders in Austin of a company called Waveset, which worked on the next generation of management software, and I ran their engineering team. After 4.5 years, the company was acquired by Sun MicroSystems. At that time, Sun was looking to acquire small companies to help them establish themselves as having software market presence. When I came in, I was responsible for ID management and all ID products. I was at Sun for 7 years and there I also got involved in M&A activities – taking a product suite and looking at filling the gap within Sun’s own software portfolio. In that time, through acquisitions of role management, I got to meet a small company outside of LA and that’s how I met Amad Fida. The two of us are co-founders of Brinqa.

SecurityWeek: What brought you to found Brinqa?

Hilda: At the time that we started Brinqa, in 2008, SOX and regulatory compliance were hitting. This whole market, called GRC, started getting a little intense. There was a real need for healthcare organizations and large enterprises in terms of auditing and compliance. When we first started Brinqa we were addressing the whole area around helping companies with compliance reporting and in time, the customers drove us to the niche where we are - doing risk analytics.

SecurityWeek: What triggered that shift to risk analytics?

Hilda: There are four reasons as to why we focused on risk analytics:

First, businesses were demanding better insight. They had all these apps which they bought for one reason or another – a project was starting or there was a business need around gathering vulnerability data - and that started building up a lot of data around specific areas in security. They were asking us whether we could provide better insight as to what the data was saying on a business level. Executives were not interested in the fact that 50 people had inactive accounts; they wanted to understand how many apps those people still had access to, and what data was on those systems.

Second, it wasn’t just about the compliance report being checked off. It was more about what goals the business was targeting against those particular risks that were showing up in the report. For example, say you turn on the compliance report which states that you complied with four out of five requirements. What about the 5th requirement that you failed? Who would follow up on that? Risk analytics was more about analyzing those results and being able to remediate.

Third, educating around having a risk-based culture. In other words, what if you have ten risks sitting in a list somewhere - why would you be working on three risks rather than on all ten? Risk analytics allows us to address and evaluate all the risks against where they came from. For example, do they come from an app that is very critical from a business point of view, or from a random app that isn’t collecting data that necessary to the business.

Fourth, addressing the volumes of data. Brinqa filters out just the relevant stuff – anything coming out of it is prioritized and analyzed while everything else is noise or clutters the view.

SecurityWeek: How did you get Brinqa off the ground?

Hilda: Essentially, we just bootstrapped. We began a project in a phased approach which allowed us to get service dollars very quickly. That way we were profitable already in year two - allowing us to continue our business, get a customer deployed and build a project while filling the requirements. Typically, companies will have 2-3 years to build a product and in that time burning their cash, but we had service dollars while finishing off the product so we did not need to raise money or VC funds. There are pros and cons to this approach. It’s a bit slower than just throwing millions of dollars to get the product up and running. The benefit was that it allowed us to get customer feedback, think of features that could be generic, implement them in the product, and end up with a really good product.

SecurityWeek: What's your business model?

Hilda: It’s subscription-based pricing on an annual basis which is exclusive: one price for the product and support.

SecurityWeek: Who are your biggest competitors?

Hilda: We don’t have any competitors yet in the risk analytics market – it’s not yet a defined market in terms of Gartner or Forrester. But when we go for an RFP, many times we’ll run into companies such as MetricStream, Agiliance, and sometimes Archer. Those companies are very focused on IT GRC, or GRC in general, while we’re in risk analytics.

SecurityWeek: Where do you think is risk analytics is going to go from here?

Hilda: Given that many customers and prospects we’re getting in front of are saying that they have this problem, then the need is only going to increase. It’s a real pain-point for anyone we talk to today. A lot of the big players are starting to talk around it. IBM started doing just marketing around analytics. Once a big company just starts to talk about it then you know it’s real since they’re hearing it from their customers.

SecurityWeek: Is Brinqa hiring? If so, what do you look for when you hire?

Hilda: We’re perpetually hiring since I’m always looking for someone who’s a good fit and knows what to do. Right now, I’ve got positions posted online for jobs.

We’re in a position where everyone needs to be delivering 100%. If you look around there are a lot of people looking for jobs but not necessarily with the skills needed for the job. Ten years ago it would’ve been easy to fill seats with warm bodies. Now it’s so much harder to hire since you have to sift through so many people that don’t fit in order to dig out the one that fits into the culture of the organization.

SecurityWeek: Any tips for other entrepreneurs starting out?

Hilda: Sit back and enjoy the ride. After all, it’s an experience. You have to go out and discover things you didn’t know before. You either jump in and learn, or you shouldn’t be doing what you’re doing.

SecurityWeek: Other than yours, what is your favorite startup – whether it is in security or not?

Hilda: Waveset. They did ID management software and the company was acquired by Sun. The team there simply clicked together. It was just for that reason, not necessarily the technology or what we were doing. It was a very good functional team – everyone was particularly good because of their expertise and everyone got along really well.

view counter
Noa is a private consultant specializing in building thought leadership teams within tech companies. She is one of SecurityWeek’s first columnists with previous columns focusing on trends in the threat landscape. Her current interest lie on the business-side of security. Noa has worked for Imperva as a Sr. Security Strategist and before that, as a Sr. Security Researcher. She holds a Masters in Computer Science (specializing in information security) from Tel-Aviv University.