Say hello to episki 👶 🎉 💙article
a tool designed for security assurance, delivering to lean and growing companies
Hi, my name is Justin, and for those of you that do not know me, I've been around the information security industry for a while now. I started out learning from my dad back in the early 90s and have continued my knowledge over the years. From software development, system administration, penetration testing, and now primarily focusing on advising organizations around governance, regulatory, and compliance activities.
Throughout my experience, one of the lessons I've learned is the different advantages that more prominent companies have with the capability of acquirement tools to help to manage the security process. In smaller companies, that's called Microsoft Office 🤣 This is a shared pain point I have often come across; how does one effectively manage a security program without the budget of a Fortune X company. Lean teams try to stay ahead of the security curve and manage their security programs, but the tools they have to work with are spreadsheets, word docs, and being reactive to compliance assessments right before the auditors are coming on-site. They want to manage these effectively but lack the tools or budget that other tools require.
This is where episki comes in.
episki focuses on combining growing companies' security programs, regulatory and compliance needs, and assessment activity all under one source, so they have a central place of truth. People know what needs to be done, they know where the artifacts are, and it's clear where things stand, and everyone's accountable.
This takes the form of a plethora of modules we have developed, including:
- Managing security programs
- An assurance of compliance/regulatory frameworks
- Measuring with single assessments
- And more...
From here, we have plans to expand these offerings in the coming months to encompass all aspects of proper security management, including:
- Handling risk management
- Third-party risk assessments
- Issue management
- and integration with third-party tools
This is what we do here, and it will take many forms. We will always be working towards perfecting the system, but focusing on helping organizations gain the assurance they need and continually monitoring, so they can do their best work with their team, in their company, for their own customers.
Additionally, we are committed to helping build the information security industry as a whole. We have a few open-source projects in the works that we will be releasing over the next few months to help with managing controls, evaluating your security team sizes, and answering what security regulations apply to your organization. When releasing code, we will be utilizing the General Public License, version 3 (GPLv3), and encourage community involvement in contributing updates.
I'm excited to provide access to a private group of individuals and companies. Soon the public beta will be opening to all, and we will be making announcements through our web site and social media channels. If you have any questions or just want to have a conversation, please reach out to us - we'd love to talk with you!