Most of the country first thought about the risk to consumers from third-party vendors when Target admitted that it had been hacked by perpetrators who got into their systems through the company’s heating, ventilation, and air conditioning (HVAC) vendor.
However, Prevalent had been making tools for companies to assess that risk long before Target’s breach. Recently named the only “Third-Party Vendor Risk Management Visionary” by the tech research firm Gartner, Prevalent works with healthcare providers, financial services firms, retailers and others to secure the data that goes to a vendor or another third party.
Cofounder and CEO Jonathan Dambrot calls Prevalent a “12-year old startup” because the company, founded on a services model, pivoted about five years ago, and has since developed intellectual property and software tools focusing on third-party risk management and threat intelligence.
Company name: Prevalent
When did you launch the company? 2004
Product names: Prevalent Vendor Risk Manager, Prevalent Vendor Threat Monitor, Prevalent Vendor Assess
CEO: Jonathan Dambrot
New Jersey location: Warren
Team: Norman W. Menz III, (cofounder and CTO); Matthew Hicks, chief strategy officer; Dave McNamara, vice president of worldwide third-party risk sales.
Any employees yet? Yes, 40. And at the end of the year, our strategic plan calls for us to have 51. We are aggressively adding people from a sales and marketing perspective. We are also adding a number to people on our development, success and engineering teams. Our primary focus is to make sure we stay ahead of the market from the technology and thought leadership perspective.
Funding: We received a $4 million strategic growth equity investment from Fulcrum Equity Partners, a private equity firm headquartered in Atlanta, in 2014. Fulcrum has been a fantastic partner for us. It’s made up of CEOs, CFOs, and other executives of different organizations who come together in a fund, investing in companies across the country. Jim Douglass, a former CFO with some payment technology companies, sits on our board. We are getting great advice from Fulcrum, and they’ve helped us grow our business.
Market you are serving: The data breaches and regulatory requirements are driving our business. The market is relatively horizontal, since everyone is trying to deal with the issues we are solving. Our customers come from a couple of core verticals. We deal a lot with financial services, healthcare and retailers. But we also have significant business from law firms that support the financial services vertical because regulators are requiring them to protect sensitive data from financial institutions. There is also significant activity around utilities because of their focus on critical infrastructure. We have some Fortune 50 manufacturers who have also bought the platform, and they see our products as part of their security infrastructure as they outsource more of their products.
1. What is your New Jersey connection? What brought you to New Jersey, and do you plan to stay here?
I am a Jersey guy and I have lived here since I was nine. My family moved to Mendham from Westbury, Long Island. I don’t expect we’ll be leaving New Jersey any time soon. We started the business in Bedminster and we are now in Warren, and we’ve just doubled the size of our space. We are finding fantastic talent in New Jersey among people who don’t want to travel to New York.
2. What problem are you solving?
We provide a way for companies to have visibility into how secure their third-party vendors are. We are basically in the cybersecurity business, with a focus on third-party risk management and risk intelligence. People use our software and platform to understand the security around locations that they send their data to, so that those third parties and vendors can also be secure.
3. Why can you address this problem better than anyone else?
Prevalent’s software products are purpose-built to solve our client’s third-party risk management challenges. We actually talked about this topic a lot with Gartner when they named us the only “Visionary” in the IT vendor risk management market. Their assessment was developed according to several parameters, including completeness of our vision and our ability to execute. Normally, a company trying to figure out the security issues facing their vendors would send out a questionnaire and ask the vendors to send responses back. However, this is a moving target. Breaches are taking place all the time, and a company doesn’t have time to wait for a questionnaire to be returned to get visibility into their vendors. We took a different approach. We made a purpose-built toolset, a security framework and we were the first in the industry to tie big-data analytics and threat intelligence that we collect on these organizations into the mix. We buy data from hundreds of data sources, we aggregate that data, we analyze it. We look at IT risks, IP addresses, and also financial viability and other operational risk. We pack all this data together and associate it with the vendor. We can identify high level risks, and if you want to perform a further assessment we can manage that process. The reason people are choosing us is that we tie assessment and threat intelligence together and do continuous monitoring, giving them actionable information about their third-party vendors.
4. How did you come up with your startup name?
Norman and I were brainstorming, and we both thought that “Prevalent” was a good, strong name that identified what we do. We wanted something strong like “Prevail” or “Prevalent.” We decided on “Prevalent.” Norm recently found the original napkin this is written on and it sits in our office. Our tagline is “Information anywhere, security everywhere.” We wanted to convey the idea that we could put security everywhere.
5. What was the biggest mistake you’ve made so far in your entrepreneurial journey, and what did you learn from it?
I think about this a lot. In the beginning, we chose a business model that focused on supporting our customers from a services perspective, leveraging the intellectual property of third parties. Customers saw huge gaps in the market and kept on asking us about filling them. We probably should have started developing our own intellectual property earlier. We started development five years ago.
6. When was the last time you thought about quitting your startup and going back to corporate life, or doing something else? What got you to stay?
Like everyone, you get offers once in a while, but I can honestly say I’ve never thought about quitting in any context. I love what I do and I get up in the morning and I’m excited and enthused about it. Clearly, when you are in the middle of a crisis, things are hard, but I don’t think it’s any easier anywhere else. We are building something extraordinarily important.
7. If you could go back in time, what would you do differently?
We might have gone after funding and venture capital earlier. We waited a long time on this, and I’m not sure if it was a positive or a negative. We actually built a business, and many companies get funding before they build a business. There are different schools of thought on this. Half the people say you were smart to keep equity in your pocket, and the other half say we should have looked for money earlier.
8. What’s the best place to find founders to network with?
I do a lot of work with Shared Assessments and chair the steering committee. This is a member-driven organization that focuses on third-party risk management and is building thought leadership in our area of expertise. I spend a lot of time there with leaders in our industry and talk with other CEOs, CFOs, etc. there.
I also have a passion for life-long learning and sit on the Penn State outreach advisory board. I think the way we educate people is changing rapidly. You will always have the Harvards and Yales, the elite colleges that will be very selective and very expensive. However there is an unaffordability that is a reality. People want to be life-long learners in a meaningful way, but they can’t go to a classroom. We want to drive education from serving 20,000 students/year today, to 45,000 students/year in five years. I meet incredible leadership at Penn State, and have formed relationships that have helped me in business.
9. What does your family think about you being an entrepreneur?
Norman and I were working at another firm when we started forming the idea for Prevalent, and we went to our wives and said we wanted to do this. My wife was very supportive. We were making good money at the time, so she asked how much I was going to make in the new venture. I told her, she had it wrong; we were going to be putting money into the business. Our wives supported us for the first year, but we actually did very well. We didn’t get back our salaries we were making in corporate America for a year and a half. My family has been extremely supportive of me during the process, and I couldn’t have done it without that support. We have three daughters, and it continues to be hard since I travel a lot.
10. What has helped you the most to achieve your current success?
I would say sticking to my core values. We developed core values for the firm, and one that is included in that list is life-long learning. I went back for my MBA and multiple certifications. I read a ton. To stay relevant in security and risk management, you have to keep up-to-date on everything that is out there. The last book I read was Scrum, by Jeff Sutherland, the person who developed Scrum agile methodology. You just have to keep as relevant as possible and education is critical to this.