FRSecure

Introduce your business and what you do there.

I’m the CTO for a high school district in Park Ridge, Illinois that has about 6,500 students in three schools. We’re the first school district to ever adopt Google; our schools are among the best in Illinois. As the CTO, I’m in charge of all the technology used in the district; I’m responsible for everything from data systems and infrastructure to classroom equipment.

What challenge were you trying to address with FRSecure?

Prior to my arrival at the district, there were no security efforts. As a result, I needed some help to get a better cybersecurity program.

What was the scope of their involvement?

FRSecure gives me high-level advice and recommendations on how our organization can move forward in terms of establishing a security program. They essentially serve as our virtual chief information security officer (vCISO). They do most of their work for us remotely. The FRSecure team also offers penetration testing services, and I plan to take them up on that offer for our network. 

What is the team composition?

I work with two people from FRSecure. One of them is a customer representative; he’s in charge of the company’s relationship with me. The other person is a project manager’s who’s highly familiar with security programs. 

How did you come to work with FRSecure?

I found FRSecure’s contact information after I underwent a free Certified Information Systems Security Professional (CISSP) training program. That was how I first engaged with them. During that time, I acquired a favorable opinion of their organization — I became convinced of their expertise and alignment with our group’s mission. Their integrity stood out to me. As a result, I hired them. 

How much have you invested with them?

We’ve spent around $24,000 on their vCISO service; I also pay around $10,000 for their retainer. 

What is the status of this engagement?

We started the engagement in August 2021, and it's ongoing. 

What evidence can you share that demonstrates the impact of the engagement? 

FRSecure has successfully provided me with the foundational documents that I need to start our district’s cybersecurity program. Those documents include policy templates, disaster recovery plans, business continuity plans, and business impact analysis templates.  

How did FRSecure perform from a project management standpoint?

Their management skills are outstanding. Our engagement isn’t project-based; they simply provide the expertise that I don’t have. However, they offer great tools in terms of helping me do the foundational work necessary to start our security programs. In terms of communication, we talk on a bimonthly basis over the phone.

What did you find most impressive about them?

The team is more interested in their mission than money — that’s reflected in the fact that they offer free CISSP certification. They’re essentially donating their expertise to the profession, which is incredibly impressive for me. In other words, their integrity and relevance have been outstanding. Overall, the team is truly passionate about security and helping organizations. While they also need to make money, they’re truly more dedicated to making others secure. 

Are there any areas they could improve?

No, there aren’t any. The team has been responsive to my needs; they tailored their work around such needs. 

Do you have any advice for potential customers?

Know what you need. On top of that, somebody from your leadership team should handle the engagement with FRSecure. That person should be able to look into the relationship strategically. 

In my experience, many organizations jump directly to the day-to-day security operations. They buy the latest technologies that the vendor assures them will protect their organization — without analyzing their risks first. However, you can’t have a security program without doing some foundational work first, such as getting sign-offs from the executive team. FRSecure can help with this and lay a good groundwork for cybersecurity governance. 

Introduce your business and what you do there.

I’m the general manager of Brin Glass, a multi-location glass company across Minnesota. 

What challenge were you trying to address with FRSecure?

We needed help in cybersecurity. 

What was the scope of their involvement?

FRSecure provided us with a cybersecurity assessment. They conducted ethical network attacks, and their team prepared reports that detailed how we can improve our security. They gave suggestions on what we needed to close down and open up. 

What is the team composition?

I’ve worked with 7–8 teammates. Kelly (Client Success Manager) is our project manager. 

How did you come to work with FRSecure?

I had worked with FRSecure in the past. Their reputation was outstanding due to their high-quality work. When my current company needed the services they offered, it was an easy decision for me to lean towards FRSecure. 

What is the status of this engagement?

We worked together from October–December 2021.

What evidence can you share that demonstrates the impact of the engagement? 

FRSecure touched on over 150 items throughout our network. I had been 100% satisfied with their work, and they had exceeded expectations. 

How did FRSecure perform from a project management standpoint?

FRSecure was perfect when it came to project management. They even waited for me a few different times. Nonetheless, they had been on top of the engagement — they were always on time, and their deliveries were spot on. We communicated through emails, phone calls, and Zoom meetings.

What did you find most impressive about them?

The thoroughness and completeness of FRSecure’s work were impressive. In addition, their team was incredibly professional and had all the necessary certifications. They were efficient and did a very good job. They overperformed and gave us more than we asked for.

Are there any areas they could improve?

I can’t think of anything. 

Do you have any advice for potential customers?

Be open and candid — the more information you provide, the better their work will become. Be honest with them, and they’ll work with you to create a solution. 

Introduce your business and what you do there.

I’m the VP of information security of a SaaS company that provides merger and acquisition life cycle support.

What challenge were you trying to address with FRSecure?

We needed a company that could help us improve our security posture by providing testing and monitoring services.

What was the scope of their involvement?

FRSecure handled our organization’s security assessment in 2019, and we worked with them again in 2020 to test the improvements in our security controls.

This year, FRSecure provided three distinct services for us. They started the project by conducting an external penetration test, where they tested the external perimeter of our public-facing assets. After that, they did an internal penetration test wherein they tested our internal security controls.

The third service they provided was a risk assessment, which was essentially a miniature internal audit that was done to test the quality of the security program controls that protects our organization. They assessed our policies, procedures, and overall security controls.

What is the team composition?

We worked with three project managers, each of whom was assigned to the three separate engagements, a lead analyst, and an additional FRSecure employee who was our primary contact.

How did you come to work with FRSecure?

FRSecure was recommended to us by our previous chief security officer.

How much have you invested with them?

We invest $60,000 per year in FRSecure.

What is the status of this engagement?

We started working together in April 2019, and the engagement is ongoing.

What evidence can you share that demonstrates the impact of the engagement?

We have seen an improvement in our security controls, which have moved up a classification from fair to good. That was definitely a positive step for our company.

How did FRSecure perform from a project management standpoint?

FRSecure performed very well in terms of project management — they were incredibly responsive to any requests or questions that we had.

We primarily communicated with them via email or phone.

What did you find most impressive about them?

I’m really impressed with FRSecure’s focus on our needs and the removal of barriers. They are always willing to engage and empower us by providing constructive criticism and functional improvements that we could employ. They don’t just give us reports and tell us to do better next time — they actually provide us actionable feedback to help us improve ourselves and secure our organization.

Another thing that I like about them is that they don’t upsell themselves. Typically, vendors just want to sell you as much as they can, but that has never been the case with FRSecure. When we were looking into recommendations for some services that FRSecure doesn’t offer, they actually helped us connect with another vendor who could provide those services for us. 

They are very transparent about what they can or can’t do, and they’re willing to really work with us to determine our needs and get those solved, no matter what.

Are there any areas they could improve?

We asked them to provide us with a mapping of the international standards that the risk assessment program they performed is built on, but they haven’t delivered that yet. Other than that, there isn’t really anything I think they could improve on.

Do you have any advice for potential customers?

Make sure to be as open and transparent as you can be so they can help you in the best way they can.

Introduce your business and what you do there.

I’m the director of audit and risk management for Platte Valley Companies. We’re a financial services company that consists of three banks, an insurance firm, and an investment center.

What challenge were you trying to address with FRSecure?

We were required by our regulators to have an annual external penetration testing done, so we hired FRSecure to do it for us.

What was the scope of their involvement?

FRSecure provides us with standardized IT penetration testing. What they do is identify areas of improvement within our security by breaching our firewalls to look for weaknesses.

What is the team composition?

We work with Jennifer (Senior Account Executive) and Matt (Client Success Manager).

How did you come to work with FRSecure?

They reached out to me quite some time ago and sent me a free webinar. We went with them because we felt like they would provide the best value for us.

How much have you invested with them?

So far, we’ve spent around $6,500.

What is the status of this engagement?

The ongoing engagement started in May 2021. We’re going to work with them again to perform penetration testing in 2022.

What evidence can you share that demonstrates the impact of the engagement?

They implemented some tools and tactics that we haven’t seen before, and we just feel like the value they provide is good for the work that they do. They gave our in-house IT team actionable information to keep the project going.

How did FRSecure perform from a project management standpoint?

Their whole process is thorough so we're able to identify outdated security information like expired SSL certificates.

What did you find most impressive about them?

One thing that’s important from an internal audit perspective is the timeliness of the work, so we’re very impressed with how they start and end their work on time. Even though we’re a small client to them, we still feel like we’re certainly valued.

Are there any areas they could improve?

I can’t think of anything because we’re pleased with the work they’ve done.

Introduce your business and what you do there.

I am the VP of tech and operations for Emerging Therapy Solutions, a healthcare service provider. We provide coordination of transplant services from traditional organs to bone marrow. We are also breaking into the new gene therapy transplant market, helping get those services into the hands of patients that need them.

What challenge were you trying to address with FRSecure?

In the healthcare space, we have to keep everything secure to protect patient’s data. We were looking for help creating a baseline annual security review process.

What was the scope of their involvement?

FRSecure provides cybersecurity and testing services. First, they helped with our annual security review. This is a comprehensive review of everything related to our business, including policies and procedures. Their team also performed an internal scan and audit of our systems, reporting on the maturity level of our infrastructure. They helped us create a roadmap where we can track progress reports on security compliance. 

Next, they provided recommendations for what they viewed as areas of weakness. They also provided a rating and an explanation of their rating scales. This showed us how we rank against norms and standards and where we should be.

The team also ran an external penetration test against our public-facing audits. They scanned and tested the security of those systems. Then, the FRSecure team provided reporting on any vulnerabilities they found through those tests and recommendations to remedy them. Finally, they run quarterly internal scans.

What is the team composition?

I work with three members of the FRSecure team, including Christy (Client Success Manager), Victoria (Security Analyst), and Joshua (Associate Analyst).

How did you come to work with FRSecure?

Our compliance officer had worked with FRSecure while at another company and recommended them to us. 

How much have you invested with them?

We have invested between $15,000–$20,000.

What is the status of this engagement?

Our ongoing engagement with FRSecure began in September 2020. We have a two-year contract with them.

What evidence can you share that demonstrates the impact of the engagement? 

Based on my past experience, working with FRSecure was exceptional. They’re extremely knowledgeable. This can be a daunting task for an organization and they were very professional and patient. 

The FRSecure team doesn’t waste time, they get right to it. Additionally, the results were very well laid out and did a great job of giving us a clear picture of what we needed to work on. They were also willing to accommodate some of our extra requests. 

How did FRSecure perform from a project management standpoint?

Christy currently runs our account and she does a great job communicating with us. I ended up feeling like they were a part of our team.

What did you find most impressive about them?

They brought professionalism, experience, knowledge, and logic to this endeavor. From the get-go, you can tell they’re experts in the space. I felt comfortable working with them, they really know what they’re talking about. 

Are there any areas they could improve?

No, everything went exceptionally well. 

Do you have any advice for potential customers?

Explore the process upfront with them. Go into the engagement knowing you’re going to work with a well-organized, well-structured, and professional team. Listen to them and don’t fight the process.

Please describe your company and your position there.

Founded on June 7, 1997, CaringBridge was the first social network created for communicating during a health crisis, developed nearly a decade before most social networking sites, including Facebook (2004) and Twitter (2006). CaringBridge is the first and most widely used global social network dedicated to helping family and friends communicate with and support loved ones during a health journey through the use of free, ad-free personal websites.

Our vision is a world where no one goes through a health journey alone. CaringBridge.org is used by over 30 million unique visitors every year, an average of almost 300,000 people visit CaringBridge per day, and those visitors come from over 235 countries and territories. CaringBridge is a non-profit with nearly 90% of funding coming from individuals who have used the site on a health journey. In 2019 we have more than 120,000 individual donors. More than a million donors have supported CaringBridge since 2002. My position is CTO, responsible for the product and technology which powers our mission.

For what projects/services did your company hire FRSecure?

We used FRSecure to assess and test our product's and organization's security capabilities.

What were your goals for this project?

CaringBridge is used by people going through very difficult times and often requiring that they communicate sensitive and personal information to their community. Part of our brand promise is that we will provide a secure and safe environment for them to work with their community of support.

Our objective was to evaluate the security of our environment and site to ensure we can provide the level of protection that our users expect. In addition, we are a non-profit that has limited resources and requires a security program that fits our organization.

How did you select this vendor?

FRSecure has a comprehensive yet lightweight framework for evaluating an organization's security capabilities. Their cost was reasonable yet they provided excellent technical expertise.

Describe the project in detail.

We used FRSecure for our original assessment in early 2018. They provided both a risk assessment and an external Web Penetration Test. With their results they provided both a detailed assessment of our capabilities as well as templates and deliverables to jumpstart our remediation efforts.

We just completed a second round of security assessments including a risk assessment and an external Web Penetration Test in December 2019. Based on the framework they had provided for our previous remediation, we significantly improved our secure posture and capabilities since the original assessment in 2018.

What was the team composition?

The team included an executive sponsor and technical experts from CaringBridge. FRSecure supplied a project manager and technical security experts for the assessment.

Can you share any outcomes from the project that demonstrate progress or success?

Our security posture increased by 75% using a risk assessment scoring methodology from 483 to 702. The number of identified security issues dropped significantly. The framework that FRSecure provided to us significantly helped us to focus our remediation efforts and resolve individual security exposures.

How effective was the workflow between your team and theirs?

The coordination of the assessment was greatly helped by their Project Manager to ensure the whole effort stayed on track.

What did you find most impressive about this company?

The quality of the security assessment was very good and comprehensive. Yet the cost and impact were relatively low. This was an effort that even small organizations can absorb to improve their security posture to help protect their organization from all the bad actors out there in the world.

Are there any areas for improvement?

None

Introduce your business and what you do there.

Our application supports clinical trials. I’m our vice president of technology.

What challenge were you trying to address with FRSecure?

Our industry is heavily regulated, and we need to keep our data security HIPAA compliant. We needed help assessing the level of our information security, and reached out to FRSecure for their recommendations and improvements.

What was the scope of their involvement?

Initially, we signed up for their virtual CISO (Chief Information Security Officer) program. They reviewed our policies and standard operating procedures to find any gaps, and they examined the physical security measures within our office. From all the information they gathered, they built a report that outlined our strengths and weaknesses, and a playbook that that suggested improvements for our weakest areas.

What is the team composition?

There is a project manager, but most of our interaction is with the Virtual CISO they provide. We meet with her once a month to review any new information or incidents that arise.

How did you come to work with FRSecure?

They’re a local company that could provide the level of engagement we were looking for. They came to our office and gave a good presentation of what they could do for us, and we felt that they would be the best fit for our needs.

How much have you invested with them?

We spend around $3,900 per month.

What is the status of this engagement?

The collaboration started in May 2018 and is ongoing.

What evidence can you share that demonstrates the impact of the engagement?

Since our industry is so highly regulated, we wanted to be sure our security was performing as well as it possibly could. We are subject to customer audits, and FRSecure helped us strengthen our policies and operating procedures to frame us in the best light with our customers.

How did FRSecure perform from a project management standpoint?

They manage the project well. Because of the virtual aspect, a lot of our interaction is over the phone. They follow up with summaries of all of our meetings, with useful ideas for next steps.

What did you find most impressive about them?

There is a lot of depth to their background in information security and physical security. They know how to provide full coverage and give good suggestions to eliminate gaps.

Are there any areas they could improve?

I can’t think of any areas of improvement for them at this time. We have a good relationship.

Do you have any advice for potential customers?

Be honest about the current status of your information security programs; don’t try to hide anything. They will be able to help you best if you are open with them.

Introduce your business and what you do there.

I’m the VP of operations at SERVICE 800. We provide voice of the customer (VOC) services to help our clients measure the satisfaction of their consumers.

What challenge were you trying to address with FRSecure?

Data protection laws recently shifted from the relatively lax International Safe Harbor Privacy Principles to the more strict GDPR framework. In preparation of migrating our physical servers to the cloud, we wanted to ensure our clients’ data continued to be secured as outlined in the new policies.

What was the scope of their involvement?

Our first involvement was contracting FRSecure to perform an external vulnerability scan. They followed up with a more thorough, two-day day scan of our physical site, including our cameras, windows, rooftop access, and servers. After finishing the assessments, they generated a detailed roadmap of where our data protection currently stands and where improvements could be made. The report included a list of what they discovered and the measures that we should take to resolve them; their team meets with us each month to track our progress. FRSecure also helped us draft a new NDA that requires our subcontractors and consultants to adopt GDPR-compliant policies.

What is the team composition?

They have a designated vCISO for our account, but we also interact with the CEO, the sales team, and the IT department.

How did you come to work with FRSecure?

A simple web search led us to FRSecure. They provided all of the security scans that we needed. Considering that they also had an office close to ours helped as we met with them in person before deciding to hire them for the job.

How much have you invested with them?

We’ve spent about $30,000 to date. 

What is the status of this engagement?

They did the initial scan in July 2017, and they returned in October 2017 to complete the full assessment. We plan to continue working with them beyond our one-year agreement.

What evidence can you share that demonstrates the impact of the engagement?

In the past, we had to make certain assumptions that our data was protected. But FRSecure revealed areas that could be improved. Since using their services, we have the comfort of knowing that all of our policies are up-to-date and compliant with the new regulations.

How did FRSecure perform from a project management standpoint?

We have varying levels of technical proficiency with our staff, yet FRSecure was able to explain the recommended corrective actions coherently to our entire team.

What did you find most impressive about them?

FRSecure offers a wide range of services at a fraction of the cost compared to hiring those same skills internally/full-time. In addition, they’re exceedingly transparent about their security testing methods. Vendors don’t typically disclose all of the secrets to their success, but FRSecure regularly hosts meetings for all of their clients to attend and learn about the latest in cybersecurity news.

Are there any areas they could improve?

Due to the numerous changes in data security, we could miss out on a lot if we didn’t read their newsletters or attend their conferences. However, whenever we have raised questions on new services, they are quick to respond.

Do you have any advice for potential customers?

FRSecure’s data protection services are an excellent investment, so don’t hesitate to reach out to them.

Introduce your business and what you do there.

I am the president of Schuler Shoes, a retail store company with nine locations in the Minneapolis St. Paul area and an online presence. We’ve been around for 125 years.

What challenge were you trying to address with FRSecure?

We needed a technology specialist to create a roadmap to identify the information security threats we are exposed to as well as ways to approach them in order of priority based on the risk of the threat and related to our business needs.

What was the scope of their involvement?

FRSecure started off with a general collection of data over the phone and sent us some documents to allow access to our security systems. Then, they walked us through the scope of the work.

For the main portion of the project, they came onsite and asked us questions to understand our company and its requirements. Then, their team did some offsite work, scanning our security for vulnerabilities. Using the gathered research, they prepared a 200-page report highlighting our strong points and places that needed improvement. They also provided a checklist in Excel with showcasing the security and functions that we could improve, which they took us through step by step. Finally, FRSecure created security policies to help guide and direct our IT team from a policy and HR standpoint.

What is the team composition?

We had an initial sales contact, and then once we signed on, we were assigned a project manager. We were also provided two technical specialists that helped us with the onsite work.

How did you come to work with FRSecure?

A previous employee of ours introduced us to FRSecure. We liked that they were local and understood our business a little—even before we hired them.

How much have you invested with them?

We invested $17,000 in total.

What is the status of this engagement?

We worked with them in March 2018 and ended the engagement in April 2018.

What evidence can you share that demonstrates the impact of the engagement?

It is a little early to measure results. However, through security scans they did, we found ways to secure against external threats and hackers. The policies they created for internet use, computer use, and device use from home also secured our systems.

FRSecure's expertise, in general, has been very useful for us and they found technical solutions that we wouldn’t have known about. The results are still coming in, but so far it's already been worth the time and money we've spent.

How did FRSecure perform from a project management standpoint?

They were easy to get a hold of for questions and great at communicating with us. They worked autonomously and made the process easy.

What did you find most impressive about them?

FRSecure have a lot of experience, knowledge, and understanding of the landscape. They have a lot of clients who have more regulatory requirements such as health care providers, and we could tell they were professionals. They were very friendly and always polite with their suggestions. Their team was always trying to improve our business.​

​​​​​​Are there any areas they could improve?

The process relied heavily on the interviews and that took a long amount of time. Smaller companies, like us, would benefit from maybe a more miniature version of the discovery process to save some time and money. However, overall, they did an excellent job. 

Introduce your business and what you do there.

I’m the security administrator at a high-end printing company. We do printing primarily for fashion retail, financial, and healthcare industries.

What challenge were you trying to address with FRSecure?

We have access to a lot of our customers’ secure and sensitive data in order to print catalogs with their clients’ mailing addresses and send them out. As such, we need to have a strong security system to protect that data. Ours was a bit scattered and weak when I was hired, so I was looking to revamp our security policies and procedures, particularly involving security audits. FRSecure provided their expertise to guide that process.

What was the scope of their involvement?

Security auditing is one of the largest aspects of FRSecure’s work with us. It assures our customers that we are as secure as we claim to be and they can trust us with their data. Every two years, they do a comprehensive two-day audit of administrative, technical and physical security systems. I provide them with documentation of our security procedures, as well as other evidence I can offer to prove we’re doing everything we can to protect our customers’ internal data. 

After they’ve completed the audit, they deliver a graded report with recommendations on what we can do to improve. That recommendation is extremely important to us because it helps us prioritize the issues that need to be addressed.

Beyond audits, FRSecure has advised on a lot of our security policies and procedures. They’ve designed some of the security awareness and incident response training we send out to our employees. They’ve also come on site and given live training to our employees. 

Another large part of our partnership is their assistance on our payment card industry (PCI) certification. To collect credit card data, our credit card data security system has to be audited and pass the PCI certification. PCI council allowed FRSecure to be our PCI auditor which has been greatly helpful because they know our system so well. With their recommendations and assistance, we’ve been able to pass our PCI certification for the last three years. 

What is the team composition? 

In the early days of our partnership, we worked closely with FRSecure’s CEO and founder, Evan Francen. As the company grew and Evan took on more responsibilities, we began working with our own security advisor and project manager from their team. We also work with a variety of additional people from their team depending on the project. Currently, we’re working closely with about five people from their team.

How did you come to work with FRSecure?

One of the sales reps cold-called us to offer their services. After doing a bit of research on them and meeting with Evan, we decided to move forward with them.

What is the status of this engagement?

We began working with them in 2012. Currently, we work with them on a monthly retainer basis.

What evidence can you share that demonstrates the impact of the engagement?

Thanks to FRSecure’s PCI audits and recommendations, we’ve earned a level one PCI certification, which is the highest level you can achieve. 

The higher level of security we’ve achieved with their guidance has allowed our business to grow immensely. Clients trust us with their sensitive data and that wouldn’t be possible without FRSecure’s services.

How did FRSecure perform from a project management standpoint?

We’re very happy with their performance. They remain available to us whenever we want to communicate, whether it’s about current projects or any security incident we have to respond to. We primarily use email and phone to communicate with them.

What did you find most impressive about them?

They’re extremely personable. I know their staff on a first-name basis. Despite them being a growing business, I still feel like I’m working with smaller, personalized security consultants. I never feel like I’m bothering or burdening them when I reach out. They’re always available and willing to help.

Are there any areas they could improve?

This isn’t an area for improvement, but I would suggest that they make sure to maintain the small, personalized feeling of their firm despite its growing clientele. I think it’s what distinguishes them.