Well yes, oddly enough, it's been 10 years since the birth of this exciting project that is LEET Security.
It was December 2010 and it had been 6 months since I had disassociated myself from my previous project. After declining to accept the offers that had come to me (they only gave me more of the same, at most, and I wanted new challenges) I began to think about the opportunity to create my own project. After 12 years in the world of security, it was in my head to create something aimed at increasing transparency and making insecurity comes at a price. My first idea was to create something like a market similar to the one that exists for pollution rights (yes, a rating agency was not my first choice) so that those who wanted to pollute (aka. Not invest in safety) would have to pay thus. After thinking about the details a bit, it seemed almost impossible.
As a result of this idea, I realized the difficulty of "measuring" security since it depended on the level of risk and this, by definition, is different for each organization (you know, because of the issue of risk appetite ). So I got involved in solving that problem and to solve it, I opted for the way of measuring a complementary of the "immeasurable" magnitude: the level of security measures (ceteris paribus, the more robust the measures, the lower the risk level). And so the first cybersecurity rating agency was born.
It was not an easy decision. First, because the economic situation did not invite entrepreneurship, second because creating a rating agency in Spain was "weird" and, third, because it was necessary to change many inertia in the world of cybersecurity to introduce a new figure, such as that of rating agencies (very common in other worlds, but nonexistent in cybersecurity). But I have Extremadura blood and that must entail a certain adventurous madness, well that, and the fact that I had the support of my wife who encouraged me to try and helped me from the first moment.
From there, 10 exciting years of business adventure in which there has been everything: best and worst moments, great successes and great failures ... but, above all, a great personal and professional journey in which I have been able to enjoy every moment and gather some unbeatable travel companions: my current partners (who joined between 2014 and 2015) and the companions with whom I share my day to day.
We can't say it was easy, but looking back, those early rises on the 6am flight to Brussels, those weeks away from home, those years without holidays (and even a global pandemic !!) ... they have been worth it. Today we can say that the future is more hopeful than ever: the use of rating by insurance companies to assess cyber risk, the financial sector's commitment to our rating as a mechanism for evaluating its supply chain or the new certification scheme for Critical operators based on our methodology make us look to the future with enthusiasm and with reinforced spirits to continue pushing to change the rules (#changetherules).
But above all, after these 10 years, the general feeling that remains is one of deep gratitude: To my wife for cheering me up and stoically supporting my moments of downturn, to all the people who have joined the project (thanks to them, LEET Security is no longer a personal project but is enriched by the contributions of an incredible human group) and to all those who have trusted in the project and, above all, to all the people who have listened to us and contributed their opinion and their vision. Without all of them it would not have been possible. Now we have to continue betting on a different way of doing things, both outward and inward, because there is only one way to be successful: Be authentic, define your own path and dare to walk it.
CEO and Founding Partner of LEET Security.
All you need is LEET!
Subscribe to our newsletter here.
You can follow us on twitter.com/leet_security