Security Experts:

Connect with us

Hi, what are you looking for?


Application Security

Security Startups: Interview with Brinqa President and co-founder Hilda Perez

Security Startups Feature on Brinqa

Security Startups Feature on Brinqa

Company: Brinqa  |  Who: Hilda Perez, President and Co-founder

SecurityWeek: How did you start out in the computer field and in particular, security?

Hilda: My career spans over 20 years of just focusing on technology – hardware, and mostly software. I started out at the university, administrating and getting to know how things work. From there I moved to Motorola to manage their 24×7 Ops. I continued to Tivoli, which was my first experience with startups. There I was solely responsible for the software, managing all their security ops. Today Tivoli is owned by IBM and the software focuses on admin management.

Photo of Hilda Perez
 Hilda Perez, President and co-founder of Brinqa

I later met a few founders in Austin of a company called Waveset, which worked on the next generation of management software, and I ran their engineering team. After 4.5 years, the company was acquired by Sun MicroSystems. At that time, Sun was looking to acquire small companies to help them establish themselves as having software market presence. When I came in, I was responsible for ID management and all ID products. I was at Sun for 7 years and there I also got involved in M&A activities – taking a product suite and looking at filling the gap within Sun’s own software portfolio. In that time, through acquisitions of role management, I got to meet a small company outside of LA and that’s how I met Amad Fida. The two of us are co-founders of Brinqa.

SecurityWeek: What brought you to found Brinqa?

Hilda: At the time that we started Brinqa, in 2008, SOX and regulatory compliance were hitting. This whole market, called GRC, started getting a little intense. There was a real need for healthcare organizations and large enterprises in terms of auditing and compliance. When we first started Brinqa we were addressing the whole area around helping companies with compliance reporting and in time, the customers drove us to the niche where we are – doing risk analytics.

SecurityWeek: What triggered that shift to risk analytics?

Hilda: There are four reasons as to why we focused on risk analytics:

First, businesses were demanding better insight. They had all these apps which they bought for one reason or another – a project was starting or there was a business need around gathering vulnerability data – and that started building up a lot of data around specific areas in security. They were asking us whether we could provide better insight as to what the data was saying on a business level. Executives were not interested in the fact that 50 people had inactive accounts; they wanted to understand how many apps those people still had access to, and what data was on those systems.

Second, it wasn’t just about the compliance report being checked off. It was more about what goals the business was targeting against those particular risks that were showing up in the report. For example, say you turn on the compliance report which states that you complied with four out of five requirements. What about the 5th requirement that you failed? Who would follow up on that? Risk analytics was more about analyzing those results and being able to remediate.

Third, educating around having a risk-based culture. In other words, what if you have ten risks sitting in a list somewhere – why would you be working on three risks rather than on all ten? Risk analytics allows us to address and evaluate all the risks against where they came from. For example, do they come from an app that is very critical from a business point of view, or from a random app that isn’t collecting data that necessary to the business.

Fourth, addressing the volumes of data. Brinqa filters out just the relevant stuff – anything coming out of it is prioritized and analyzed while everything else is noise or clutters the view.

SecurityWeek: How did you get Brinqa off the ground?

Hilda: Essentially, we just bootstrapped. We began a project in a phased approach which allowed us to get service dollars very quickly. That way we were profitable already in year two – allowing us to continue our business, get a customer deployed and build a project while filling the requirements. Typically, companies will have 2-3 years to build a product and in that time burning their cash, but we had service dollars while finishing off the product so we did not need to raise money or VC funds. There are pros and cons to this approach. It’s a bit slower than just throwing millions of dollars to get the product up and running. The benefit was that it allowed us to get customer feedback, think of features that could be generic, implement them in the product, and end up with a really good product.

SecurityWeek: What’s your business model?

Hilda: It’s subscription-based pricing on an annual basis which is exclusive: one price for the product and support.

SecurityWeek: Who are your biggest competitors?

Hilda: We don’t have any competitors yet in the risk analytics market – it’s not yet a defined market in terms of Gartner or Forrester. But when we go for an RFP, many times we’ll run into companies such as MetricStream, Agiliance, and sometimes Archer. Those companies are very focused on IT GRC, or GRC in general, while we’re in risk analytics.

SecurityWeek: Where do you think is risk analytics is going to go from here?

Hilda: Given that many customers and prospects we’re getting in front of are saying that they have this problem, then the need is only going to increase. It’s a real pain-point for anyone we talk to today. A lot of the big players are starting to talk around it. IBM started doing just marketing around analytics. Once a big company just starts to talk about it then you know it’s real since they’re hearing it from their customers.

SecurityWeek: Is Brinqa hiring? If so, what do you look for when you hire?

Hilda: We’re perpetually hiring since I’m always looking for someone who’s a good fit and knows what to do. Right now, I’ve got positions posted online for jobs.

We’re in a position where everyone needs to be delivering 100%. If you look around there are a lot of people looking for jobs but not necessarily with the skills needed for the job. Ten years ago it would’ve been easy to fill seats with warm bodies. Now it’s so much harder to hire since you have to sift through so many people that don’t fit in order to dig out the one that fits into the culture of the organization.

SecurityWeek: Any tips for other entrepreneurs starting out?

Hilda: Sit back and enjoy the ride. After all, it’s an experience. You have to go out and discover things you didn’t know before. You either jump in and learn, or you shouldn’t be doing what you’re doing.

SecurityWeek: Other than yours, what is your favorite startup – whether it is in security or not?

Hilda: Waveset. They did ID management software and the company was acquired by Sun. The team there simply clicked together. It was just for that reason, not necessarily the technology or what we were doing. It was a very good functional team – everyone was particularly good because of their expertise and everyone got along really well.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Application Security

While there are many routes to application security, bundles that allow security teams to quickly and easily secure applications and affect security posture in...


Twenty-one cybersecurity-related M&A deals were announced in December 2022.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.