How We Named Our Company
This is the story of how we came up with the name Impart Security.
Having worked on a wide range of network, cloud, and application security products across 4 different companies now, I’ve had the great opportunity of working with hundreds of CISOs and security practitioners as they work to build effective information security programs within their respective organizations. These experiences have given me a great deal of empathy for my customers and security practitioners in the industry overall.
The challenging reality for practitioners is that the Security role in an enterprise is very hard. For most of the customers I’ve worked with, Security teams are understaffed and overwhelmed by security threats, while at the same time being outgunned when it comes to political and human capital in their respective organizations to prioritize their initiatives and programs.
Over my career I’ve had the great privilege to work with some of the world’s best security practitioners at companies including Target, Amazon, Goldman Sachs, and Netflix, to help them build some of the industry’s most successful security programs. The common pattern that I’ve observed across these leaders is that they’re able to leverage themselves to make a tremendous impact on their organization. More than anything else, these leaders have been able to impart their knowledge, skills, and perspective into the culture of their companies, which is what makes their programs increasingly successful.
This core idea of helping our security customers to impart security knowledge into their organizations resonates very deeply with my co-founders and me. That is why we chose the name Impart Security. We wanted our company to stand for a meaningful and powerful point of view that demonstrates the right level of empathy for the day-to-day realities of the security practitioner experience.
What is Impart?
The dictionary.com definition of impart is to make known, tell; relate. All three parts of this definition are so important to the way we think about our company and the experience that we want to build for our customers. I want to go into some detail about each aspect of our name in order to help everyone understand what we stand for and what point of view we bring to the security market.
The first thing we want to help the security practitioner do is to make known the unknown. The modern practitioner needs to understand their entire attack surface and what is going on within it. From an API perspective, a practitioner needs to know about all of their endpoints, what type of data is being exposed via each endpoint, and whether or not the endpoint is being used in the way that it is intended by the correct person. While this is simple to say, it is a hard technical problem to solve, requiring significant skills and experience in networking, DevOps, and auth to execute correctly.
It’s also critical to make known the entire attack surface. There are many bolt-on solutions today that can provide visibility into a part of your attack surface; for example, each cloud provider provides its own logging infrastructure (e.g. CloudWatch for AWS). However, these solutions do not provide a complete picture of your entire attack surface because they do not account for fragmentation in your tech stack, which invariably exists in the enterprise.
Lastly, it is critical to make things known in a timely manner. There are many approaches to security today that take a forensic approach, looking at data after the fact, for example using access logs. While these approaches can provide significant flexibility in creating custom queries and can aid with in-depth investigations, oftentimes by the time practitioners know what is going on, it’s too late to stop the problem.
In addition to being able to make things known, it’s also critical for us to help a security practitioner create a narrative. Bringing data to a meeting isn’t good enough; it’s also important for a security practitioner to be able to tell a story about noteworthy events, times, and findings along with the impact of those things on the business. Having visualizations that are easy to use and manipulate is critical to being able to tell this story, to find the critical point in time, and to understand the impact.
It’s also important for a security practitioner to share messages in the right place. Different teams in each organization love to work in different tools, whether it’s a CRM, a ticketing system, or a Slack channel. Having built-in integrations with every team’s toolchain is critical to make sure that important stories get to people in the places where they work, not just some system they are never going to log into.
The last and most important thing that a security practitioner needs to do is make their story relatable to their audience. There are different personas in every organization, whether it’s the DevOps persona who has to maintain changes to the CI/CD pipeline, the Product team who is balancing feature requests and technical debt, or the Development team who is actually writing code for new APIs.
Each of these stakeholders has a different contribution to the process of building, running, and securing a company’s APIs. There are different trade offs and sets of context that each stakeholder has and can share with the rest of the organization, and providing simple and automated ways for this context to be socialized in meaningful ways is important. For example, one way that a developer can share context about what an API is supposed to do is through documentation, including code reviews, design documents, and API specifications. Having elegant workflows that facilitate this context sharing makes it easier for the security practitioner to help contribute to a proper prioritization effort across the business.
Ultimately, for a security practitioner to be successful, they have to be able to convince others to understand their point of view, and to remember the stories that they tell when they’re in the middle of their day-to-day job. The impact of these stories adds up over time and is what contributes to the cultural changes that I’ve seen at so many of my successful customers over the years.
Imparting the Security Perspective
In the end, our mission is to help security practitioners be successful by building them API Security tools that make their lives easier, and ultimately to help them impart their perspective into their organizations so that they can have a meaningful security impact beyond themselves.
If this sounds interesting to you, we’d love to chat! Check out our website at impart.security to learn more about our name, our products, or to try our product for yourself.