Skip to Main Content
Scotiabank Digital Banking Lab

Security Compass


Security & Identity | Toronto, ON | Founded: 2005 | Employees: 150| www.securitycompass.com


PHONE: (888) 777-2211 | LINKEDIN PROFILECRUNCHBASE PROFILE 

Last updated March 25, 2019 | To download a PDF version, click here

 

Company Overview

Security Compass is a software security company based in Toronto, Ontario that provides organizations with knowledge, training, and technology to create secure software.[1] The company provides advisory, e-Learning and SD elements, an automated software security identification platform.  

[1] https://globenewswire.com/news-release/2018/04/03/1459253/0/en/Security-Compass-Releases-New-Risk-Dashboard-Capability-in-the-Latest-Version-of-its-SD-Elements-Platform.html


Senior Management

Nish Bhalla: Founder, CEO (2005 - Present). Previously: Founder and CEO, SD Elements (2001- Present); Principal Consultant, Foundstone (2001 – 2004); Security Consultant, Infotek Solutions (1998 – 2001); Education: MSc., The University of Sheffield; PGDA, University of Strathclyde; B. Comm, Bangalore University.

Rohit Sethi: COO (2016 – Present). Previously: Vice President, Product Development, Security Compass (2011- Present; Consultant, Deloitte (2004-2006); Business Analyst, ADP (2000-2003). Education: BSc., The University of Western Ontario.

David Rea: CFO (2015 - Present). Previously: CFO & VP Operations, TELoIP Inc. (2008 – 2015); Director of Finance, Bell Canada (2004 – 2008); VP Finance & Operations, C5 Group Inc. (2002 – 2004); Corporate Controller, Burntsand (2001 – 2002); Director of Finance, AT&T Canada (1999 – 2001). Education: MBA, University of Toronto – Rotman School of Management, BA, University of Western Ontario.


History

Working in the software security space in leading-edge firms such as Microsoft, Nish Bhalla realized there was no software security presence in Canada.[2] He looked to create value and bring his experiences into Canada. Starting as a consultancy offering penetration testing, it now offers its own cybersecurity software and has grown into 5 offices spanning from San Francisco to India.  

[2] Personal Interview with Nish Bhalla, CEO


Funding

Founder Nish Bhalla worked to build a company using personal funds.[3] Cash flow in the initial stage was generated by working in personal consulting engagements. Government grants were also utilized, such as IRAP and SR&ED.  However, the company acquired funding from BDC in 2012, for an undisclosed amount.[4]

[3] https://www.canadianmanufacturing.com/manufacturing/security-compass-learned-to-speak-the-language-of-investors-and-found-the-right-financing-to-seize-the-day-146204
[4] Personal Interview with Nish Bhalla, CEO


Key Corporate Developments

Sept 5, 2018: SD Elements now features Operational Security Requirements for Microsoft Azure, AWS, Apache
March 19, 2018: Security Compass named winner in 14th Annual Infor Security PG’s 2018 Global Excellence Awards
March 1, 2018: Security Compass and (ICS)² Launch New Certificate Program to raise baseline app security knowledge

 

Business Highlights

Strategy

Security Compass offers 3 distinct services:

  • SD Elements – Company unique product that automates software security requirements across the software development lifecycle (SDLC).
  • Advisory – Works with companies to understand their product development cycle and advise in integrating software security into their processes.
  • Training – Offers Personal and enterprise cybersecurity courses on identifying critical security risks


Products/Pricing

  1. SD Elements
  • Entry Level - Offered as a shared cloud SaaS.
  • Professional - Offered as a dedicated server SaaS.
  • Enterprise - Offered as a Dedicated Server SaaS, or an On-Premise option.
  1. Advisory
  • DevSecOps/ Advisory on a secure Software Development Lifecycle – providing guidance to companies on integrating security testing into their product lifecycles such as static application security testing (SAST).
  • Penetration Testing – Perform a Black, Gray and White box testing of client product to ensure the application is secure of breach.
  1. Training
  • Enterprise – Offers training modules on secure coding on Java, .NET, C++ and ios.
  • Personal – Offers learning curriculum available through online channels, from basic app security to identifying vulnerabilities on popular coding platforms. Classes range from $143–750 USD.


Technology

Security Compass uses the knowledge of the logic behind the coding of various languages (C++, Java, .NET) to find critical breaches in software code and offers security solutions as value propositions within their business model. SD Elements is designed to automate the software security identification process.


Distribution/Logistics

Security Compass offers demo services for all its product offerings directly available from their website, as well a sales department to promote its consulting/security solution offerings.


Marketing

Security Compass publishes whitepaper/reports on Application security and compliance. Additionally, the CEO has appeared in various media new segments on security, from BNN and Yahoo Finance on the Equifax Security Breach.[5] The company looks to provide resources, sponsor and speak on security to establish its brand in the cybersecurity space.

[5] https://www.bnnbloomberg.ca/business-day-pm/regulation-in-the-software-security-space~1212296

 

Competitors

Many companies now offer security advisory services for software-based firms. Competitors are listed below:

  1. Veracode – (Burlington, MA) Veracode offers application security solutions for today’s software-driven services. CA Veracode is a platform that offers security solutions by scanning code to find vulnerabilities.
  2. Security Innovation – (Wilmington, MA) Security Innovation offers Software Security Services and Training. They offer an immersive learning environment, where they place users in the position of an attacker.



Corporate Profile Created By: Il Young Chung, Ivey HBA Candidate 2019