Please give us a brief overview of your company.
Established in 1989, System 1 during its initial years focused on offering its services within the energy sector. At that point, the company focused on helping the utility sector resolve risks to operations. For instance, we were helping them identify and manage operational risks, their remediation, what they needed to comply, and how they could do it efficiently and cost-effectively. One of our clients had eight plants, with each plant generating half a million to a million dollars a day in revenue. Therefore, the outlay involved in actually correcting the issue was not the main cost concern; the downtime required to isolate and remediate the issue was. Because the time taken to solve the issue is directly proportional to the business loss incurred (revenue, fines, contract commitment, etc.), time is of the essence in a risk and compliance environment, and we at System 1 recognized that.
Having begun as a firm focused on providing information and infrastructure protection in the utility sector, System 1 and its staff have gone on to assist the White House, U.S. executive departments, and foreign allies in developing their risk governance, policies, and concepts of operations. The company has since expanded its services in all areas of cybersecurity governance and has worked with several government agencies as well as private sector firms, primarily in the energy, financial, and health sectors. System 1 partners with its clients, making risk management and compliance efforts more efficient and cost-effective.
Is there a process that you undertake to understand the client’s needs and then deliver the solutions accordingly?
We are a cybersecurity and critical infrastructure security consulting firm and not a technology firm; therefore, we are not ‘selling’ a specific technology solution.
Firms need an experienced GRC partner who understands both their business and the risk environment in which they operate; System 1 is that partner.
Unlike some larger firms, our approach allows us to assist clients across the GRC program maturity spectrum, including those with a resource-constrained program or no program, as is often the case for small and medium-sized businesses. In those cases, we first determine the right governance structure for their GRC program, the proper regulatory requirements, and all compliance issues. We then advise them on the requirements for their business and sector, establish the program and design supporting processes, and only then do we determine the proper technology platform for their program.
For our larger clients or those with well-established programs, we focus on ensuring their program and the underlying technology platform continue to serve the purpose and objectives of the business. Often, we find that GRC governance, programs, and tools fail to mature and adapt as the business grows and changes. This can be due to changes in size, complexity, or strategic direction of the firm, as well as shifts in terms of market/sector regulation or oversight. We look within and at the interdependencies between a firm’s people, process, and technology platform assets, focusing on how they operate and their internal culture. It is critical that any program or technology solution we recommend adjusts quickly, efficiently, and easily to these key aspects of the business.
Could you share a customer success story that substantiates the advantages of your services?
It started with the CIO and the board of directors of a large international firm saying, “We don’t understand our cyber risk or its impact on our overall business risk position.” We began to talk with people across the company (the board, core operations executives, and different administrative department leads) to understand their perceptions regarding risk and specifically cyber risks to business operation. We found that a GRC function existed and was fairly mature for financial, environmental, and safety aspects of the business, but it did not do a good job of integrating cyber or cyber-physical risk into the company’s risk view. They needed to understand and incorporate those risk sets into their larger program to ensure a full risk picture for executive leadership and the board. Working with them, we defined the problem, identified the right set of risk metrics to provide the risk transparency they needed, and ensured the potential risk impact (physical and financial) was measured and then managed in a cost-effective manner.
What lies ahead for System 1 and in what direction do you see the company going?
Looking forward, we are excited regarding the potential impact of AI and neural networking on both our clients’ businesses and our specific industry. We look to leverage these technologies and explore how they can help us gain deeper insight more quickly. To this end, we have started to look at the types of broader datasets these AI and neural networks will require. We need to determine how to collect detailed data from much further down the business workflow and construct the huge data pools that feed these technologies.
The other aspect we are looking at intently is the supply chain. The supply chain has become a tremendous area of risk for many firms. We have worked with multiple government agencies and a small set of private sector firms to help scope the issue, and we see a rapidly expanding need in today’s world. We are refining several services to better support our clients in diagnosing and mitigating the risk in their procurement programs.
Cyber risk is a global issue, and with its tailored integrated solution and expertise in this space, System 1 is all set to expand its global footprint.