Starting off in a small serviced office, the business now has 12 employees, most of whom are IT security technical consultants. Just last year Sense of Security opened its second Australian office in Melbourne.
"We started off with the two of us and our business has thrived from day one," says Murray GoldSchmidt, managing consultant and director. "We have no debt and it has always been profitable."
GoldSchmidt and Edelstein met while working at Dimension Data as IT security consultants. GoldSchmidt, a qualified electrical engineer, had worked in IT security firms, and Edelstein, who has a Bachelor of Economics in Accounting and Masters of Commerce, was previously employed by Ernst & Young and Deutsche Bank.
"We took a hobby and a passion and made a business out of it. Everyone who works at Sense of Security shares the same ethos," says GoldSchmidt.
The pair recognised the complex and sensitive nature of information at a time when access to information and the speed at which it flowed were increasing.
More importantly, they understood the importance of ensuring the secure transfer of information, a segment of IT they say lacked attention.
"We believed there was a requirement in the market to service Australian companies and organisations, particularly focusing in matters around information security," says GoldSchmidt.
"We think to be a leader in this space security has to be your prime focus. We cannot be distracted by services in unrelated areas. And that philosophy has proven true to ourselves.
"We have attracted many leading organisations as clients. They come to us specifically for our expertise in a space that they can't find elsewhere," says GoldSchmidt.
Today, the consequences of data loss are a costly concern. In the US, regulation in most states forces businesses to publicise the issue by disclosing data breaches. That's not yet the case in Australia; however, the lack of publicity doesn't mean breaches don't occur here.
A recent Symantec survey found that more than half of small businesses in Australia said they had experienced a security breach which included instances of unauthorised access to information where data was lost, stolen or hacked.
"Cybercriminals are making a living out of stealing data. Their business is ahead of the game," says GoldSchmidt.
"Overall, and not only for Australia, things are getting worse before they get better. The fact is that there are more security attacks every day," he says. "People really need to take it seriously if they want to take care of their information."
The growth of virtualisation also poses a concern, says GoldSchmidt. At the AusCERT Conference in May, Sense of Security presented a paper on the pitfalls of virtualisation in which they claimed that most implementations of the technology are insecure.
Regulation helps mitigate these threats, says GoldSchmidt, but he adds regulation alone is not enough. "We're a fairly regulated environment, but for example the financial sector is far more regulated than the retail sector. So they would be much more vigilant than the retailers would be."
A typical project sees Sense of Security's technical consultants assess a client's situation, determine whether their controls are adequate or deficient, and advise on rectifying problems.
For this service provider, products are viewed only as ways to fulfil the needs of the company's consulting service.
Sense of Security's website shows no signs of products or vendor partners, a strategy that ensures independent IT security and risk management advice, says GoldSchmidt.
"The difference between just selling products and providing a consulting based approach is that just selling a product detracts from the independence or the expertise that is required to determine what is required in the first place.
"We provide consulting services on the back of wanting to sell products or wanting to supplement it as a product. Products come as a byproduct of providing expert consulting services."
GoldSchmidt believes this so strongly that he declined to name the company's vendor partners.
Sense of Security offers a variety of services around assessment and assurance, strategy and architecture, deployment and ongoing management for its broad range of government, business and not-for-profit customers.
Additionally, some of the work the consultancy does is around general security best practice. Other work includes regulation and risk management advice.
"Sometimes businesses are concerned that they might not be deploying or implementing their systems securely and they want an independent third party to validate it for them.
"A lot of organisations come to us [for] assessment services for online applications where people are doing some sort of online, transaction-based activity," says GoldSchmidt.
"Companies that might have online shopping applications have an obligation to comply with PCI DSS. We can assess them to be in line with their obligations for that standard."
Sense of Security also advises its clients on internal procedures for multinational organisations that require internal standards in their branch offices. These are mostly US-based companies that require their Australian branch to demonstrate compliance with their technical procedures.
"We validate those and provide a report whether they are compliant or not compliant," says GoldSchmidt.
For Sense of Security the size of the client is irrelevant; it's more about the customer's requirement for information security, says GoldSchmidt.
"You might have a smaller organisation that plays in a big space. For example, we work with payment gateway service providers, which are highly automated systems that transact millions of credit card transactions. But the size of the organisation may not be substantial. Or it could be a big company such as a bank with 10,000 employees," he says.
This year business is strong despite the downturn. In fact, the economic conditions have helped improve the company's revenues for a number of reasons.
Firstly, according to GoldSchmidt, staff who are disgruntled or retrenched as a result of company downsizing can create an insider threat, which is elevated in times of economic downturn.
So organisations need to ensure that for the integrity of their brand they address security threats from the inside as well as the outside, explains GoldSchmidt.
Secondly, organisations might become the focus of a targeted attack that is intended to discredit that organisation in the industry or to tarnish their brand.
"Businesses need to be more vigilant," says GoldSchmidt.
Additionally, in these times organisations look for the least expensive option or a managed service option that has minimal overheads.
"They may choose to strike a strategic alliance with an organisation specifically on doing this. There is a lot of increase in companies wanting someone to look after them on an ongoing basis," says GoldSchmidt.