The TALAS Mission & Vision
The TALAS Mission is to simplify, organize and strengthen cybersecurity.
Our vision includes a world where organizations bring cybersecurity to the forefront of their business. Where cybersecurity is viewed, managed and integrated across every aspect of the organizational mission.
Meet the TALAS Team
Paul Marco is a Co-founder of TALAS Security. He has over 20 years of IT and Cybersecurity experience spanning the areas of Cybersecurity Operations, Incident Response, Vulnerability Management, Identity and Access Management, Threat Intelligence, and Engineering. Paul specializes in designing Cybersecurity solutions and operationalizing cybersecurity control.
Owahn Bazydlo is a Co-Founder of TALAS Security. He has over 10 years of IT and Cybersecurity experience with a focus on Cybersecurity Strategy in both the Operations and Engineering spaces. Owahn is a trained six sigma greenbelt and specializes in process development, optimization as well as establishing and organizing long-term Cybersecurity strategies.
The TALAS Story
When we set out to build TALAS in June of 2021, we knew what we were after. We wanted to build a Cybersecurity service that made sense of it all. A service that would allow people to simplify cybersecurity, get organized around cybersecurity control, and know where to focus resources to strengthen their cybersecurity program. Simple, right? It was time to invest in a whiteboard. This is how we got there…
We knew we needed to make Cybersecurity simple.
Cybersecurity is complex. An effective cybersecurity program will cross multiple security domains including Access, Networking, Risk, Governance and Incident Response to name a few. These domains are complex enough on their own to require dedicated teams to implement and administer these functions properly. The complexity within cybersecurity comes from needing all of its parts to work together seamlessly. Knowing this, we needed to figure out how to take this overwhelming thing and make it easy to understand, connect and consume. After months of discussion and research we found our answer, control. This led us to develop a proprietary framework that allowed us to focus all of the basic elements of cybersecurity back to a single concept, control. This was the birth of the TALAS Control Stack, a way to make sense of any cybersecurity program and a way to make complex concepts easy to organize and simple to understand.
Cybersecurity does not work when it’s just point-in-time.
Another issue we had to tackle is the speed at which cybersecurity moves. The cyber landscape is constantly evolving. Networks, threats, technology, the attack surface are all in perpetual change. The speed at which cybersecurity moves makes point-in-time services obsolete. As a result, we knew we had to change the way traditional assessments work. We needed assessments to be fast, efficient, and to ensure that our services would not just inform but would enable. This meant that our customers had to be equipped to take action and to leverage the tools and methodologies we would deploy to ensure their program continued to move forward well after we were gone. This is why tools and reuse became such an important part of our service delivery. We didn’t just build the assessment mechanism but focused on building the tools and processes that would ensure that our clients were equipped to keep their program moving.
“This meant that our customers had to be equipped to take action…”
Success is about knowing where to focus limited resources.
As powerful as simplification can be, success in the Cybersecurity space is really about prioritizing risk and knowing where to focus. This is why our assessments are built around identifying and addressing the quickest risk reductions first. On average 40% of our directives are low cost / low effort and can immediately reduce risk with minor configuration changes, in most cases without incurring any cost. The key for us was being able to ask the right questions at scale. We knew that most organizations have a tremendous amount of institutional knowledge, but only a fraction of that information is actually written down, let alone kept up to date. This led us to focus on building mechanisms that would extract that institutional knowledge from entire organizations, allowing us to accurately identify where opportunities for risk-reduction exists. Once we identified how to get at the right information, it was as simple as building the formal tools and processes that enable our clients to manage their risk.
“…can immediately reduce risk with minor configuration changes, in most cases without incurring any cost.”
So, what’s it like working with you?
We love Cybersecurity. We spent our career building large complex cybersecurity programs for enterprise companies. With shifting threat trends and the proliferation of attackers targeting the most vulnerable, it was time to make enterprise grade cybersecurity available to everyone. For us, this is about the mission. This is about our ability to enable our customers to control their cyber risk. We have found that most organizations have many of the components needed for a foundational cybersecurity program and with minor changes, they can make major impacts. As we go through and complete our services, our clients are excited to see all of the opportunities they have to immediately reduce risk. We have found that everyone wants to secure their network, it’s just overwhelming. Once you know where to start, it all makes sense.
“…with minor changes, they can make major impacts.”
What’s a TALAS?
We get asked about our name a lot “Why TALAS?” As we were building TALAS, we had multiple conversions about why we were building the company. We wanted to know who we were, what we wanted to accomplish and why we were doing this. As we dug deep into these questions late into the evening hours, we kept coming back to different variations of the same statement “If we could just get organizations to take a look at security.” Over and over, we would discuss different topics it would come back to this same theme “… if they would really Take A Look At Security” So when it came time to name the company, the answer was literally scribbled across all of our notes, staring back at us. TALAS is actually an acronym, this is why it is always capitalized. It is made up from each first letter from the statement “Take A Look At Security.” For us this is not just a name, it’s part of who we are, it’s how we think, and it’s why we are here.
How do you know this works?
Over the course of our careers, we managed multiple large cybersecurity programs. As most cybersecurity professionals do, we focused on our obligations; hitting specific maturity targets as compared to industry cybersecurity frameworks and answering audit points. This worked well - until it didn’t. One evening we got the call “Something is not right.” As the team mobilized, and we worked to address our issue, all of those maturity points and audit findings suddenly didn’t matter anymore. All that mattered was our ability to control our network. That event changed our perspective.
In this case we were lucky, the issue was not an attack but a simulation. But that new perspective stuck with us. Our attention shifted away from meeting audits and chasing maturity points to focusing on ways to implement cybersecurity control. We focused on capability, on process, on enforcement. The irony came when our subsequent audit findings dwindled, and our cybersecurity maturity scores started to increase organically based on our newfound focus, a focus on control.
Our Values
Simplify. Organize. Strengthen.
Everyone Appreciates Efficiency.
Visualize Everything.
Build for Defense and Organize for Compliance.
Focus on Control.
Think Like an Adversary.
Plan, Disrupt, Recover.
Don’t Just Assess, Enable.