Michael Ferris
Cybersecurity, Compliance, and a New Partnership with Tech Data
Bryan Graf | 15 Minute Read

Cybersecurity, compliance, and everything they entail can get super complicated, super fast. Thankfully, we have great minds like Michael Ferris at Abacode to help us navigate that massively complex web! – Full Stack Talent

Roxanne Williams: Abacode is hot in the news right now due to the announcement of their partnership with Tech Data. For folks who haven’t heard about it yet, can you give us the 30,000-foot overview of the partnership? What will it accomplish?

Michael Ferris: Tech Data is a global company that provides products and solutions to partners. We’re one of the global partners in that value chain. They, along with us, have identified that the world is becoming more regulated when it comes to cybersecurity. There’s a regulation in Europe called GDPR that is spilling over into the US. Any company doing business in Europe has to comply. We all understand that this is going to be the de facto of what happens in the US. Because of that, Tech Data wanted to address the issue.

We stood up a Governance, Risk and Compliance practice to address this need, and our partnership with Tech Data is a win for everyone. As a result, we can collaborate with all of their partners and partner clients and say, “If you are in a regulated industry where you must comply to a certain regulation, we have a services practice to help get you there and prepare you for an audit, attestation or certification.” We don’t perform the audit, attestation, or certification, but we act as their liaison to guide and implement the controls necessary to meet their specific regulation.

This is a critical service. Most companies who now find themselves required to meet a compliance standard don’t have the internal resources to be able to implement these protocols and pass the assessment or become certified. Consequently, we fill a very big void, and it’s only escalating. Our partnership with Tech Data is a key component to help get the word out. This includes educating people on what regulations are coming down the pipe and what it means to their business. It’s a long-term relationship and we’re very excited about it.

We fill a very big void

Roxanne: Have you already gotten traction from the partnership?

Michael: Yes, we’ve already started having calls with their team and partners. And again, it’s a very informative call. It’s about educating the potential client or partner about how long will it take, average costs, and what they/we will need to do to meet this regulation.

Matt Vaughn: You founded Abacode almost 5 years ago. What kind of growth has the company seen so far?

Michael: We have doubled in growth every year, but I would say the most growth has been over the past two years. Rolando, Jeremy, and I were very thoughtful on how we built the business. Above all, it was important to address a specific need in the marketplace that wasn’t being met. Our first few years, we scoped out how we wanted to attack the problem we were seeing. Really identifying, understanding, and doing analysis in the marketplace. We wanted to make sure we were right on point with what the problem was, how we would address it, and then what were all the internal operational items we would need to implement in order to deliver on the promise we’re making to our clients.

Fortunately, we were funded internally. That allowed us the flexibility to build the operating infrastructure we needed to be a truly scalable company for our clients. Most companies have to hustle, sell, and then try to make up the services and try to deliver on the back-end. We didn’t want to do that – we didn’t have to do that. So, we built all the operating components of the business first and then layered on sales and some of the marketing aspects afterwards. All of our initial sales were word of mouth from a great list of clients.

Roxanne: Just so I know, you mentioned Jeremy. That’s Jeremy Rasmussen?

Michael: Yes, correct. He is our CISO and our CTO.

Matt: He spoke on the panel at poweredUP in Mahaffey. And then Rolando is the COO?

Michael: Correct. From the beginning, we’ve tried to surround ourselves with the smartest, brightest individuals we possibly can. Rolando and Jeremy are the benchmarks – both are great people and hard workers.

There’s no one smarter than Jeremy is, or more conversant and experienced in cybersecurity. He actually started the cybersecurity program at USF 17 years ago. He founded the White Hatters Club. Not only is he intelligent, but he gives his time. He teaches, he’s on the board at USF, and he’s in the community. On the weekends, he’ll have hacking events and get together with young people and kids. Jeremy led an initiative that we did with the Girl Scouts of America to receive their cyber badge. He’s just a phenomenal human being. I can’t say enough.

And then Rolando, the same thing. Fantastic human, father, parent, and partner. He’s an electrical engineer by education, very, very bright, worked at Accenture managing risk-related services on three different continents. It was really good experience out in the field.

Matt: How did the three of you meet each other?

Michael: Rolando and I were friends through our wives actually. We just clicked immediately when we connected. Jeremy and I were introduced through a mutual friend, and we hit it off as well. We saw issues in the marketplace the same way, and had the same belief system on how to grow a business.

Roxanne: You mentioned that Jeremy is in the community. Are you out in the community as well?

Michael: Yes. I gave a lot of my time to Ernst & Young for the Entrepreneur of the Year program. After I won in 2011, they asked me to be a judge. In fact, I was a judge for 5 years. It was very humbling. I didn’t know how much work that would be, but you have to be committed. When you vote on these individuals who have put a lot of blood, sweat, and tears into their business, it has to be right.

I’m also part of the International Committee for Tampa Bay. A big part of how we (Abacode) think, as a business, is global. We’re not a large firm, but we have global clients. We do business in countries all over the world, and we want to have a global view. Where is the world rotating? What are the cyber-risks, what are the regulations, what are the new technologies? What are other people doing that we can learn from?

On the philanthropic side, we give to St. Jude. They’re near and dear to our hearts. The Marine Corps Heritage Foundation in Quantico, Virginia is something we give to as well.

Roxanne: Do you have prior service members in the company?

Michael: We do. The Director of our Security Operations Center is a former military individual, and we have a few more.

Matt: Great. When you won in 2011, what company were you with at that time?

Michael: I was one of the founders at Valet Living. Pretty large company now – I think they have ~5,000 folks in 40 states. I grew that business to about 30 states before my exit. It’s a phenomenal company doing really cool stuff. Just like Abacode, we identified a need, and we fixed it in that industry.

Matt: Speaking of past accomplishments, are there any particular career highlights that you’re super proud of?

I hope to build something that gets better every day

Michael: On the whole, I’m not a real out-in-the-front guy. I would say ‘hesitant CEO’ is the word for it [laughter], but everything I do is based on the accomplishments of the company. If the companies do well, that makes me feel very proud and I (we) achieved something. That’s really my goal. I don’t go out and run for things, and I’m not out in the public a ton. I like building a business, the people, and I feel more like an artist or architect sometimes than I do a CEO. And I love the art and the science of building companies.

My main philosophy is, “If you build something great enough, it can survive without you and it will last throughout time.” That’s one of my mantras to our team or anybody who comes into one of the companies I’m involved with. I hope to build something that gets better every day and is greater over time so that you have a place and a home that you can come to. We’re not building something that we’re just going to flip for whatever reason. We want to build something that lasts, and that we want to be a part of.

Matt: Truly, a great way to look at it.

Roxanne: What’s an average day for you here?

Michael: There is no average, and that’s what I love about it. Like many entrepreneurs, I’m one of those warped individuals who loves chaos and harmony mixed together. I’m talking to clients, partners, and staff. I’m thinking about marketing, about how we communicate what we do. Cybersecurity is pretty complex. If you ask 10 people what cybersecurity means to them, they’ll give you 12 different answers.

I’m big on metrics and measuring everything possible. If you can’t measure it, you can’t perform. You have to be able to measure every part of the business. That’s a big part of what I’ve been doing lately. Finding things we can measure, and making these metrics useful for our team, leadership, and engineers. That allows us to know where we’re doing well and where we’re not. Most importantly, it allows us to see where we need to focus our time, our energy, and our resources.

Roxanne: This question wasn’t on my list, but I have to ask. Do you guys count KnowBe4 as a competitor, or do they focus on a different aspect of cybersecurity?

Michael: Great question, and I have a great answer. We love KnowBe4 and they are a partner for us. Love Stu, love the business, love the culture, everything about it. We use their cybersecurity awareness training software in our managed security services practice.

Some time ago, I was speaking to the CEO of a company, and he knew I did security. He said, “We finally addressed cybersecurity in our business. We’re using KnowBe4” I said, “Love them, we use them too.” He looked at me a little dog-eared and he was like, “Well I thought they were our cybersecurity firm.” They are, but they do something very specific: cybersecurity awareness training for employees. They do a few more things now, but that’s really what they’re known for and they have a fantastic product. But I said, “It is one component. One very, very important component – but there are many other products, services, and solutions to holistically address cybersecurity across the entire enterprise. This is where Abacode comes in. We provide consolidated cybersecurity services to a client and then bring in solutions, like KnowB4, where needed, to strategically address a client’s every need.”

I’ve been a CEO, and I’ve been a chairman of a company. My last role was Chairman of a portfolio companion for a $20 billion private equity group in Manhattan, New York called New Mountain Capital. Abacode was built to address the business of cybersecurity first, and technology second. In fact, the biggest issues out in the marketplace are really three components.

The first component is complexity or confusion. If you go to the head of IT in an organization and ask how they’re getting their head around all of the products, devices, solutions, and services that are in the cybersecurity space today, the answer is, they can’t. There are hundreds, if not thousands. The average company uses between 15 to 40 different suppliers for their cybersecurity needs. Well, that’s kind of messy, right? It’s certainly hard to keep track of.

What we do is, we quiet the noise. We help them gain visibility into all those products, solutions, and services, and we can work with them to rank, qualify, understand, and get educated on them. It’s part of the reason we set up our own cyberlab, an applied research lab where we bring in new products and solutions and learn them so that we can communicate back to our clients. We are product-agnostic. This is a critical distinction and absolutely what’s in the best interest for the board of directors, for the CEO, and the entire leadership of an organization. We are a third party coming in top down, helping the enterprise solve their cybersecurity and compliance issues for life. We utilize a cybersecurity capability maturity model.

The second component is financial. We’ll go into an organization, speak to the CFO, and ask them, “How much are you spending on cybersecurity now?” Most cannot tell us. They don’t know. They don’t know what is cybersecurity and what is not, what’s a product, what’s a service. It’s been purchased over time, which is completely understandable. But if you don’t have a handle on it and you don’t understand all of the spend, how do you forecast?

We solve that issue. We give whoever has P&L or balance sheet responsibility a single pane of glass. They get complete visibility into their entire cybersecurity spend. This way, the finance folks can make strategic decisions that save them time and money. Then, what we can also do, is consolidate their entire cybersecurity program. Instead of having 40 different suppliers for all their cybersecurity needs, they can consolidate this list or get all of their services through us, if they wish.

The third, and most important, component is compliance. Most of the C-Suite executives are non-technical leaders, but these individuals are obviously making most of the key decisions of the company, including the board of directors. They’re making strategic decisions, they’re liable in some cases as a board director, maybe a publicly-traded company. That is the group who owns the company and is responsible at the end of the day. Today, they don’t have a dog in the fight against cybersecurity.

From their vantage point, it’s confusing – they don’t really understand, and it’s an expense. They absolutely know they have to tackle it. They want to solve the problem, and they want to be secure for their clients and their partners. What we give them is checks and balances in their IT ecosystem around security. We only do cybersecurity and compliance – we don’t do anything else, by design. We’re not software development, we’re not outsourced IT, we’re not cloud, we’re not data center. They need all of those partners, and there needs to be some kind of separation of duties or checks and balances. We give them that.

This is an enterprise-wide solution. 100% of the time I have this conversation with a CEO, they say, “Why hasn’t anyone explained that to me before?” Seriously. And I say, “Most of the people you’re speaking to have never been a chairman of a company. They’ve never sat in your seat before. As a result, they don’t know what it’s like from a governance and oversight standpoint. We have that experience.”

Roxanne: I’m so glad I asked that question now. Being that you’ve spent much of your career in Tampa, have you seen a positive shift in tech talent during the last 5 years?

I think a lot of it was already here

Michael: Absolutely. I think a lot of it was already here, it was just an egg waiting to hatch. We have this undercurrent of incredible talent within our community. We just needed a nurturing environment, and that has already started to happen, especially within the three counties in Tampa Bay. The talent was here, the time just wasn’t right for them to show their light. With more technology and more companies reaching their potential and coming into town and growing, we’re seeing that come to fruition.

Matt: Definitely, which is also a shoutout for Jeremy and what he’s done to grow talent at USF.

Michael: Indeed – it’s a push-pull, and a big part of why we’re attached to academia. Not only USF but HCC, University of Tampa, and about 5 other universities that we collaborate with. In short, we want to create a collaborative environment where everyone can learn, grow, and give back to our community. You see it with Jeremy, Rolando, Mike, and many members of our team. It creates an ecosystem of talent and expertise. Two of Jeremy’s pupils in the White Hatters Club, under his tutelage, either did or now run Capture the Flag out at Blackhat and Defcon, one of the premier global cybersecurity events. And so, that spreads. I think people are finding out about the talent, and more people are coming here.

Matt: With developers, there’s still a gap in talent numbers versus open jobs, but not as bad as your space. Now that cybersecurity and compliance are booming and there is not enough people to fill them, what do you think Tampa should do to try and increase retention of cybersec and compliance talent?

Michael: In essence, I think it’s chicken or egg. As our Tampa Bay companies grow larger, they will eventually be able to pay more, and people are naturally going to stay here. I don’t believe the talent will need to be paid the highest salary for their position, because we have a great community, great people, good taxes, and amazing quality of life. Naturally, people want to be here. We just have to keep working hard to grow the companies and offer a path for employees to grow both personally and professionally. The rest will take care of itself.

Matt: What do you hope to see in the next few years when it comes to tech for Tampa Bay?

Michael: KnowBe4 receiving national recognition for their valuation was great to see. You’re going to continue to see other companies reach these heights, and this level of activity will continue to escalate. More companies, whether by their valuation or just something interesting that they’re doing in tech, are going to shine a big light on Tampa Bay. We’re working hard to be one of those companies.

From what I see, Tampa, Clearwater, and St. Pete are making heavy advances in smart city technologies as well. And, we have an incredible catalyst in the form of Jeff Vinik and Strategic Property Partners in downtown Tampa. Indeed, we’re one of the few cities in the nation that had that much land available right downtown. In my opinion, this is super exciting because you’re going to have a brand new city over the next 10-20 years. For young people coming to town, it will be an even more fantastic place to live. Also, I believe we’ll solve the transportation part of the equation [laughter]. The holy grail.

Matt: What’s your answer to that?

Michael: Oh, man. Whatever it is, we just need it. I travel internationally a lot. I’ll go to London, and ride on the tube everywhere I go. When I drive from here to Mickey Mouse, I’m like, “How do we not have a more advanced system of transportation in our region?” It’s a must, and I believe we’ll get there.

Roxanne: I’m from Toronto. I didn’t even need to get a driver’s license until I moved here when I was 28. Firstly, learning to drive on Highway 19 is really scary. Secondly, coming from a place where I could catch the subway literally every two minutes or take a bus every 7 minutes, to coming here, is a whole new world.

Michael: Incredible. We have to fix it, but I believe we will.

Matt: Who is someone in Tampa that you think is doing something cool and innovative here in tech, outside of Abacode?

Michael: Well, I would have to say Occam Technology Group. When it comes to sensor-based product design and development or the Internet of Things, this company is way out in front of creating innovative products for other companies.

Roxanne: Is there anything exciting coming down the pipeline for Abacode or for yourself?

We have build and will continue to build

Michael: Abacode is very collaborative. There are many nuances to cybersecurity, but when we come into an organization, we’ll tell the leadership that we don’t displace anyone. We help consolidate, augment, and add continuity into the business, but we’re very collaborative with all of the IT partners they already have.

Two things are big for us. The first piece is continuing in our partner program. We collaborate with other IT companies or non-IT companies that are trying to deliver cybersecurity solutions for their clients, because most just cannot do it. They can add certain pieces of cybersecurity or compliance, but not a consolidated and holistic solution. The second piece would be academic. We’re very big in partnering with academia so that we can learn, grow, teach – and it’s just needed.

I think of a business in two ways. One is the business of what you do, and then it’s the business of finding and growing talent. How do you find, recruit, onboard, train, and develop? We have a model that does that.

We have built – and we will continue to build, because it’s what we know how to do – a talent organization, a company that can scale. That is what’s required to deliver on our promise to clients and partners. I think any organization has to have those two components in their business, if they want to grow. We’ve taken that approach.

Matt: What is a business or tech book that you would recommend to our readers?

Michael: The Power of Positive Thinking. For me, it’s so fundamental, especially for an entrepreneur because it is hard. It’s like juggling on fire [laughter]. You better be ready for it. You have to be that bell tower and that light that constantly says we will do this. Anything is possible and I’ll show you the way, if you just work together, anything can be achieved. I read this book every year.

Matt: Final thoughts you’d like to share?

Michael: I believe we’re all blessed in life if we just wake up every day, have our health, and the ability to work hard at something. It’s pretty simple for me. Every day is a good day, no matter what. There are so many other people who have real challenges like children with cancer or disabilities that I honestly have zero to complain about. I wake up every single day with this attitude.