Rising Through Resilience: Sam Kassoumeh of SecurityScorecard On The Five Things You Can Do To Become More Resilient

An Interview With Fotis Georgiadis

Listen to the Negative Feedback — Positively! Don’t just hear it, but really listen to the feedback you get. Take lessons from both positive and critical feedback — the critical reactions will let you know about potential pain points and help you position your idea in the best possible way.

Resilience has been described as the ability to withstand adversity and bounce back from difficult life events. Times are not easy now. How do we develop greater resilience to withstand the challenges that keep being thrown at us? In this interview series, we are talking to mental health experts, authors, resilience experts, coaches, and business leaders who can talk about how we can develop greater resilience to improve our lives.

As a part of this series, I had the pleasure of interviewing Sam Kassoumeh, Co-Founder and Chief Operating Officer, SecurityScorecard.

Sam Kassoumeh is Co-Founder and Chief Operating Officer of SecurityScorecard and is responsible for driving the company’s product portfolio. With extensive experience as both a cybersecurity practitioner and leader, Kassoumeh’s experience has been pivotal in the growth and development of the company as well as establishing the ecosystem risk management / security ratings space. Kassoumeh’s passion for internet security started in his teens and propelled him into key cybersecurity roles including as head of security and compliance at Gilt Groupe and worldwide InfoSec lead at Federal-Mogul. Sam holds a BBA in Management Information Systems from the University of Michigan-Dearborn.

In this interview series, we are exploring the subject of resilience among successful business leaders. Resilience is one characteristic that many successful leaders share in common, and in many cases it is the most important trait necessary to survive and thrive in today’s complex market.

Thank you so much for joining us! Our readers would love to get to know you a bit better. Can you tell us a bit about your backstory?

Currently, I’m the COO and co-founder of SecurityScorecard, the global leader in security ratings. Prior to founding SecurityScorecard, I spent over a decade heading up security teams at companies like Gilt Groupe and Federal-Mogul (in my home state of Michigan). In truth, my passion for internet security started in my teens. That interest has propelled me throughout my career, including my college major in Management Information Systems from the University of Michigan-Dearborn.

Can you share with us the most interesting story from your career? Can you tell us what lessons or ‘take aways’ you learned from that?

The story that led to me and Aleksandr Yampolskiy founding SecurityScorecard is probably the one that stands out the most. Alex and I worked together at Gilt Groupe, where he was the CISO and I was the head of security and compliance. We were assessing the security of a large financial provider that offered a fraud prevention product we would be using to vet all e-commerce transactions.

We spent weeks talking to them and reviewing their somewhat-daunting 30-page security questionnaire. At the same time, our Financial Controller kept impatiently asking why we weren’t expediting our assessment. He kept telling us, “We need this product YESTERDAY!” Despite pressure to sign a contract for a partnership we desperately needed, our security instincts told us that we needed to do a deeper vetting of our potential partner.

We continued working, going way beyond the questionnaire, even though it was costing us money (in e-commerce fraud that wasn’t being prevented by our current system) to keep delaying our decision. But as we started poking around using passive security research methods, we discovered signs on the Internet that the company was compromised. If we had rushed the deal, we could have put our customers at risk. After discovering the vendor’s security issues, we incorporated specific legal provisions into the contract to protect our company.

This experience is how we realized that a market gap existed when it came to third-party risk assessments around cybersecurity. It was the defining event that led us to launch SecurityScorecard, hoping to engineer a way to allow companies to gain a deep view into another company’s security and get instant, accurate, and independently-verifiable answers.

What do you think makes your company stand out? Can you share a story?

At SecurityScorecard, we completely rewrote the rules of the industry and built the idea of security ratings from the ground up. Whether you’re a Fortune 100 company or a mom-and-pop pizza joint, we give you what you need with an easy-to-use dashboard that displays information about high-risk vendors and offers predictive insights. You can think of it like a credit assessment; but instead of looking at the financial health of a company, you’re looking at the security health, in real time.

We collect publicly available information, so no one ever needs to ask permission. You simply enter the name or the URL of any company in the world and receive a comprehensive security health performance scorecard within a few seconds.

Nothing like this existed — until we built it.

None of us are able to achieve success without some help along the way. Is there a particular person who you are grateful towards who helped get you to where you are? Can you share a story?

Three people really stood behind my career goals. My parents supported my curiosity as I grew up in the mid- to late-90s, and helped get me access to computers and the technology I needed to learn about cybersecurity. Lastly, there was a teacher who really helped me explore this area, when it was still so new. I’m so indebted to each of them.

We would like to explore and flesh out the trait of resilience. How would you define resilience? What do you believe are the characteristics or traits of resilient people?

Resilience is a trait necessary for any entrepreneur. When you start building a business, you will get a hundred ‘no’s before you hear a ‘yes.’ If you’re not able to find a way to learn from those rejections, you’re not going to be able to survive. Resilience means understanding when to keep going, when to pivot, and when to double-down.

When you think of resilience, which person comes to mind? Can you explain why you chose that person?

For me resilience is about having the stamina and the grounded nature to persist through trying times. When I think of resilience, I think of my dad.

He’s someone who I have watched demonstrate patience and perseverance consistently.

Has there ever been a time that someone told you something was impossible, but you did it anyway? Can you share the story with us?

Even though I had great supporters throughout my career, people have always told me that the things I wanted to do were impossible. When we started SecurityScorecard, people kept saying that our non-invasive techniques would never work. They believed that you had to go through the full process of actually trying to break into a company’s system to get a true sense of how secure it was. Not true!

I was lucky that I had Alex in my corner working with me. We had a lot to prove to the world.

Did you have a time in your life where you had one of your greatest setbacks, but you bounced back from it stronger than ever? Can you share that story with us?

Most of my life has been spent working on cutting-edge technologies. That means that nearly everything I’ve accomplished was at one time impossible — and so of course I’ve experienced lots of setbacks along the way. Anyone who has ever worked in cybersecurity can tell you that it’s an industry built on getting knocked down and getting back up again.

Years ago, I was trying to make digital records secure when everyone else believed that paper was the only way to store records. My first few attempts didn’t even work, but I saw that the future of work was going to be digital. In the end, I won the IEEE invention contest, creating the first digital records.

Did you have any experiences growing up that have contributed to building your resiliency? Can you share a story?

Building resilience is the story of my late teens and early twenties. After college, I lived in Shanghai, and nothing makes a person more resilient than moving to a country where you don’t speak the language. I can still remember when I first moved there, and had to order food in a restaurant with no idea what I was going to get. It was a small moment, but it was a little bit of a jump into the unknown. Those are the kinds of things that make us resilient. We try new things, not knowing what’s going to happen, and hopefully we’re pleasantly surprised.

Resilience is like a muscle that can be strengthened. In your opinion, what are 5 steps that someone can take to become more resilient?

1. Listen to the Negative Feedback — Positively! Don’t just hear it, but really listen to the feedback you get. Take lessons from both positive and critical feedback — the critical reactions will let you know about potential pain points and help you position your idea in the best possible way.
2. Fail at something! Even the best of us fail. When we first started SecurityScorecard, many people told us that we would never make it, or that our idea was impossible to execute. We heard ‘no’ from top investors, colleagues, and influencers. Each time we failed, we tweaked our pitch — until we heard our first ‘yes.’
3. Attack Your Fears! It doesn’t have to be something dramatic, but you should do the things that make you nervous: from skydiving to giving a talk at a conference. When you face your fears, you learn how to overcome them.
4. Read a lot. Reading is the best way to gain perspective. You can learn from others’ mistakes and see different ways through a problem. We feel empowered when we are more informed. We see that others have bounced back, and we can too.
5. Ask for help. Even though asking for help can feel like you’re admitting failure, it’s actually a sign of strength. Whether you need a sympathetic ear or someone with experience to help you along, working through things with others can make all the difference. It can be your co-founder, a mentor, or a trusted family member or friend. Your support network can save you when you’re at your lowest.

You are a person of great influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. 🙂

As someone who’s always been an innovator, I’m passionate about finding new ways to reduce our dependence on oil-based products. If we don’t start looking for environmentally sustainable solutions, we won’t have an environment to live in anymore.

We’ve spent a lot of time decontaminating toxic chemical spills, but we’re still causing damage to the environment. We need to reduce our carbon footprint by finding a way to get rid of everything that uses oil and other non-sustainable resources. We need to stop deforestation, and prevent the disruption to wildlife habitats.

We need to leave the world a better place than it was before we arrived in it, through innovation and invention.

We are blessed that some very prominent leaders read this column. Is there a person in the world, or in the US with whom you would love to have a private breakfast or lunch with, and why? He or she might just see this, especially if we tag them 🙂

Leonardo Di Vinci! He was an out-of-the-box innovator in so many different areas from painting to mechanical devices — his ability to innovate on both sides of the brain is a rare gift. He also exemplified practicing continuous learning as an innovator (His quote: “learning never exhausts the mind” is one that I live by).

How can our readers follow you on social media?

https://www.linkedin.com/in/skassoum/

This was very inspiring. Thank you so much for joining us!

---

Rising Through Resilience: Sam Kassoumeh of SecurityScorecard On The Five Things You Can Do To… was originally published in Authority Magazine on Medium, where people are continuing the conversation by highlighting and responding to this story.