HireBrain Accelerates InfoSec Program to Land New Clients

The Challenge

Seeking a security platform that would meet budget and capacity constraints as a young, growing hiring platform

When not one, but two vendor security questionnaires from potential enterprise customers were presented as requisites to do business, the team at HireBrain, a hiring enablement platform company, began weighing their options on how best to tackle the incoming security requirements.

Outsourcing a CISO or building an information security program themselves were the first options that came to mind. However, as a startup, their budget and bandwidth would be among the primary factors that would drive their decision.

“[A security program] became something that we needed, but didn’t want to set it up ourselves,” said Julie Goff, HireBrain COO. “It was a showstopper for these two enterprise customers. We were in the sales cycle with them, and we were either going to get to a place where they wanted to do business with us or they weren’t. So it was a natural impetus to get our house in order, but we also wanted to do it in the nimblest way we could.”

The organization sought to strike that balance between protecting their customer data with a robust program without creating excessive workloads for everyone on the team.

Rohan Mishra, Director of Engineering at HireBrain recommended his team reach out to Ostendio, with whom he had worked in the past.

“I didn't even know these tools existed until Rohan brought it to us, so I was really excited because financially it was not nearly as costly as a fractional CISO,” Goff said.

“Even if you find someone else to [manage your security], there are going to be things they want from you,” Mishra said. “No third-party CISO will know everything that’s going on in your company. You know everything that's going on in your company and outsourcing the creation of a policy to someone else that you are not going to follow is not beneficial.”

With the organization’s security, budget, and bandwidth in mind, HireBrain officially kicked off their in-house security plan with Ostendio.

"No third-party CISO will know everything that’s going on in your company. You know everything that's going on in your company and outsourcing the creation of a policy to someone else that you are not going to follow is not beneficial."

Rohan Mishra, Director of Engineering, HireBrain

The Solution

Implemented a people-first security program along with new security policies to address enterprise-level security requirements

The HireBrain team launched their relationship with Ostendio in August 2022, leveraging Ostendio to build their framework and organize evidence demonstrating their compliance with dozens of security requirements. By the end of 2022, HireBrain had their initial program built and set up in the platform.

To do this, they took advantage of the platform’s built-in policy bank of over 90 policy and procedure templates. They also tapped into the KnowBe4 Security Awareness Training library to get all staff members set up on necessary compliance training.

“By the end of 2022, we were in a rhythm,” Goff said.

Tickets, audit tasks, and individualized, role-based trainings have been the most commonly used Ostendio features among the HireBrain team. The feature that gets the most use: documentation.

The Ostendio Documents Module has allowed the HireBrain team to:

Upload and manage multiple file types, including document, spreadsheets and media
Store and distribute business, security, legal, HR policies, procedures, contracts, department collateral and more
Store documents in a draft or published version for broad distribution, including customizable requirements and acknowledgements by electronic signature
Control document versions with a full archive of all previous versions

“Documents has been the most used feature so far, primarily because we didn't have any document policies initially, so that's where a lot of iteration happened,” Mishra said.

Goff said that the team has already seen several benefits from using Ostendio every day, from the ease of onboarding and offboarding employees and third-party providers to helping them scale their security as they bring in new business.

When new enterprise customers come to HireBrain with security requests, Goff said they have no doubt they’ll be ready.

The Result

HireBrain proves early-stage startups can be enterprise-ready with a robust InfoSec program in a centralized platform

“I like the idea of using Ostendio as a single source of truth,” Mishra said. “We’re not switching from one infrastructure provider to another. We know everything is in that one place.”

He said Ostendio has helped keep all security documentation and protocols organized and continuously builds out data points so they will know the steps to take to demonstrate evidence when it comes time for an audit.

A key reason HireBrain chose Ostendio in the first place came down to a group understanding that “security is a journey.”

“We’re all viewing it [as a journey],” Goff said. “There are a lot of shops out there that are fractional CISO services, but I think we were in a position where Rohan and his team were very capable of [building out the program in-house].”

Keeping their security in-house with the use of Ostendio helped the team save money and have a sufficient process in place in only 5 months, without exhausting time and resources hiring and onboarding a fractional CISO.

“It’s important that leadership takes cognizance of the importance of security and utilizes the tools available,” Mishra said. “This would, in the long-run, lower your compliance costs.”

Ultimately, the HireBrain team feels that this is a milestone in their progress toward growth and will allow them to continue pursuing large customers.

“I think the thing that is pretty cool is a company of our size and our age is enterprise-ready,” Goff said.

“I like the idea of using Ostendio as a single source of truth. We’re not switching from one infrastructure provider to another. We know everything is in that one place.”