Big picture

Meet “the worst job in information security”¹: completing security questionnaires.

If you’re not already familiar, a security questionnaire is a modern torture device, designed to slow down sales cycles without actually improving security. You see, when a company wants to buy something from a vendor, they (rightfully) want to ensure the vendor follows information security best practices. This usually means the company wants the vendor to furnish documents, submit evidence, and answer specific questions they have.

The unfortunate part is that these specific questions are almost always organized with Excel or online portals that:

Have more tabs than can be viewed on a normal screen
Have dropdowns that don’t make sense² (if they work at all)
Tell you there are only 100 questions, but if you step on the booby trap another 100 questions show up
Ask questions that vendors have already answered elsewhere
Lack any sense of the vendor’s core line of business³

A wooden table on a sandy beach with a beautiful sunset behind it. On the table is a stinky dead fish. Digital art.

DALL-E Prompt: image that humorously depicts a security questionnaire as a modern torture device, cleverly illustrating its role in slowing down sales cycles without actually improving security

It’s no surprise that nobody likes to answer these security questionnaires. But they all need to be completed “yesterday” because they are a necessary step for the vendor to close new business.

This is no small problem. Globally, there are roughly 92 million pairs of significant customers and vendors looking to do business with each other. Companies throw enormous amounts of budget, resources, and people⁴ at the problem in an attempt to fix it.

Our first task is to automate this job and give security analysts time back to do real security work. We’re using an innovative pipeline that leverages AI, intuitive user experience, and other software automations to help vendors respond to security questionnaires in the easiest way possible, without compromising accuracy.

Eventually, instead of today’s slow and painful torture, imagine an instant, frictionless, and accurate exchange of the information necessary to answer the ultimate question: “Can I trust you?”.

That’s the world we’re here to build.

DALL-E Prompt: Ai happily delivering security reviews in record time

¹ Our customers’ words, not ours
² “How often do you rotate encryption keys?” Dropdown options: Yes, No, N/A
³ E.g. Do you require special drivers for your printers? (This question has been paraphrased to avoid humiliating the author)
⁴ And maybe cats too