Update on

In late March we announced our new offering In this post we want to provide an update around what we’ve been working on through May and how it works.

The basic idea is captured in this quote:

A junior IT project manager with no security background can run a real security program with this tool!

Who Needs It

  • Companies with contractual security obligations (addendums, questionnaires, etc.)
  • Companies that are regulated (HIPAA)
  • Companies that are moving toward other audits (ISO, SOC2, FedRamp)

These companies need because hiring an FTE or a consultant is extremely expensive and without guidance they are lost or at risk of losing significant chunks of business. Not only that, for most organizations they just need a few hours a month to make some serious improvements to their security posture.

Increasingly, we’re seeing more smaller tech companies needing to build out some sort of security story. That’s the trigger for knowing that might be interesting.

What They Get

With, organizations get:

  1. Training
  2. Policies
  3. Scanning
  4. Key Tools (Risk register, vendor tracker)
  5. Tasks broken out and organized in a project plan

We digest NIST 800-53, and spit out the parts you need to know about first. We give you about ~20 key tasks to reach the first goal. To advance deeper into NIST 800-53 alignment, you can to a second Tier with ~50 tasks or a third Tier with more like ~150 tasks. Wherever possible, we try to make it easier by building the things you need right in to the tool.

So users also get a way to progressively navigate building a security program with the most important parts first and a way to self modulate how fast or slow they navigate the program.

An Opinionated System is opinionated. It fits best for organizations that are willing to adopt new policies and follow the path we set out. While we can adapt and modify for consulting engagements, those turn in to just that: consulting engagements that inherently cost more because they require more personalized attention.

With, we are not trying to be everything to everybody. We are setting out what we believe are best practices and then giving organizations an easy way to track their progress and use it. It is cost effective because it is highly structured.

Tasks align to policy.

Training aligns to policy.

Although we see being useful at larger comanies and at scale, we are not trying to build a system that is everything to everybody or where we incorporate features for high paying customers. We are trying to build the simplest possible system that works and helps companies in the most direct way possible. We’re trying to emulate BaseCamp in this way.

How Works On The Inside

As a user, you just log in and start working on tasks.

Some tasks represent policy approvals. You review the policy, identify the approver and track that they did.

Other tasks represent completing training. The system provides video based training for general security awareness and for the policies. Everything you need to meet basic training obligations.

Still other tasks are related to technical activities. As you complete tasks, you provide evidence. When you want to see how you are doing, we show your progress against a target project plan that includes those tasks.

When you want to get audited, the system provides easy access to all of your tasks and evidence and that illustrates what you have done. Its like a pre-emptive strike against having to run around and gather evidence for an auditor.

If you run in to problems or need help, we have a team of people who can help you navigate running your security program.

The Endgame

If you follow the project plana and complete the tasks, you can build a NIST 800-53 ready program and have a system that helps to make sure it stays on track and survives staffing changes.

Beta Program

We’d love to hear from you about any feedback. That can come just as an email, or if you are interested in getting more deeply involved, you can join our beta program and get access to roadmaps, customer advisory boards, etc.


© 2019-2022 Jemurai. All rights reserved.
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram