Jeff Alvarez: A People-Centric Leader Driving Change and Competency in Cyber Security

An indigenous personality, Jeff Alvarez is the Chief People Officer at SecurityScorecard (SSC). He has been leading HR/People and Culture teams for almost two decades now—since approximately 2005. With extensive experience across several fast-growing industries, Jeff has been working in tech for the past seven years and currently plays the role of a CHRO.

At SSC, Jeff’s primary responsibilities include overseeing Talent Acquisition, Learning and Development, Employee Experience, Employee Relations, People Operations, and HR Business Partners.

Jeff has been recognized for his work in several areas including Diversity, Equity, and Inclusion, achieving high levels of employee engagement, and revolutionizing the way organizations attract and retain top talent by using psychometric tools, cutting-edge evidence-based interviewing techniques, and building company-specific compensation and reward systems that tie directly to key business objectives.

His journey and experience are a testament to sheer hard work. His undying passion for serving people and marking a global footprint in the cybersecurity domain is what keeps him going and growing.

Joining SecurityScorecard

For Jeff, it’s important to work in a mission-driven environment where his values are aligned with the organization’s values. And this is the case at SSC. Hailing from a family of veterans, law enforcement professionals, and psychologists who are all passionate about serving the country and communities, Jeff wanted to follow in the same footsteps. Coming from such a distinguished and purpose-driven background, serving people was always the priority.

So, SecurityScorecard’s mission to make the world a safer place by transforming the way organizations understand, and mitigate cyber risk resonates with Jeff at a personal and professional level. Adding more to this, Jeff says, “Additionally, I want to highlight how strongly I feel that my personal values align with our company values. We have a sharp focus on being solutions-oriented, resilient, customer, and one team—we call that One Scorecard—all of these beliefs are aligned with my values which reinforces my commitment to our work.”

About SecurityScorecard and its Offerings

SSC offers easy-to-understand, A-F graded scorecards for compliance, reporting, and decision-making. The company also offers cybersecurity assessments that empower thousands of organizations with actionable insights to improve their cybersecurity footprint.

It offers professional services that improve an organization’s cybersecurity posture and third-party risk management. The teams of security experts offer tailored solutions to help its customers meet their compliance requirements while optimizing their in-house security team efforts.

The Stand-Alone Factor

Jeff states that there are too many cybersecurity tools out there and frankly, the market has now become saturated.

However, within cybersecurity, SSC is different for two reasons:

1. Most of the vendors are very specific, such as focusing on identity management or endpoint security — SSC is different because it tackles cybersecurity holistically since it rates 12 million organizations daily across a wide range of factors, including endpoint security, patching cadence, network security, and several others.

2. Also, very few companies focus on metrics/measurement of cybersecurity, and that’s what SSC created — it’s like the credit ratings for cybersecurity.

Within the security ratings market, SSC is different for several other reasons:

● The company was founded by 2 heads of cybersecurity (which are called Chief Information Security Officers, or CISOs) so security is embedded in the company’s DNA.

● SSC collects almost 99% of its data, which makes it more accurate and trustworthy.

● It has a marketplace of apps and services — over 100 integrations

● The company is highly collaborative, even with organizations who don’t pay them anything — it fixes scorecards for free and changes are seen in 1-3 days.

Diversification is a Key Aspect of SSC’s Growth

In a competitive market, many big players try to ace their product/service offerings with constant developments.

At SSC, the company diversifies its solutions along many dimensions to ensure that it can effectively serve its broad customer base to manage its cybersecurity risk. For instance,

● The company localizes its product in multiple languages;

● It adheres to compliance and privacy regulations for customers in specific industries (e.g. banking or healthcare) or geographies (e.g. European Data Protection requirements);

● It has certifications such as FedRamp to work with the government sector;

● It supports the Accessibility guidelines recommended by the ADA for users with disabilities.

SSC is constantly talking to its customers to obtain feedback and add new products to its portfolio; for instance, it currently has two new products in active development which it expects to release over the next 6 to 9 months.

Integrating an Employee-First Environment

SSC has time and again experienced that when employees are encouraged and supported their performance, creativity, and engagement soar. It’s not just about meeting targets; it’s about creating an environment where everyone can reach their full potential. Hence, the company’s commitment to well-being is an investment in its people, and the returns are evident in their dedication, productivity, and overall satisfaction.

But let’s remember that well-being is not a one-size-fits-all concept. It’s about understanding and responding to the individual needs of each employee uniquely. As a company, SSC is well aware of this and readily listens, adapts, and ensures that everyone feels valued and supported in their well-being journey. Jeff adds, “Our success is intrinsically tied to the well-being of our team, and we’re dedicated to making sure every member of our organization experiences that connection in their daily work life.”

Jeff believes that it’s important to note that, while technology and infrastructure are undoubtedly crucial, one must recognize that the human factor plays a pivotal role. As a Chief Human Resources Officer in cybersecurity, Jeff aims to provide the employees with the necessary training to thrive in an ever-evolving industry and foster a culture of cybersecurity consciousness for every employee.

For this, SSC has created an in-house curriculum focused on:

1. TPRM training

2. How to embody Security DNA

3. Cyber bootcamp

4. How to demonstrate Customer Obsession

And many other leadership development programs that help them to drive better results while clearly outlining career development pathways for every Scorecarder to thrive.

Two Sides of the Global Pandemic

On the one hand, SSC was well positioned for the overnight shift to remote working since the company has always been a remote-first organization with employees located globally.

On the other hand, like many other organizations, the company faced a range of challenges including many employees who contracted varying degrees of COVID-19 (and had several employees who passed away from it), the complex regime of physical office requirements including masking and contact tracing, and workforce reductions in recent years as the economy has tightened.

As a business, SSC has been extremely busy over the last few years since its technology is used in both pre- and post-breach situations. The number of attacks has continued to increase exponentially, particularly in a fragile and fragmented world coming out of a pandemic and with geopolitical issues in Russia, Ukraine, China, North Korea, and now the Middle East.

The Next Promising Step

SSC is on a mission to measure and improve the security of its digital ecosystem.

The company’s priorities now and for next year include:

1. Transform its SecurityScorecard ratings into a “must-have” at Board of Director meetings, with alliances, within governments both in the U.S. and abroad, and in the cyber insurance industry

2. Automation with 360-degree insights driven by generative AI

3. Expand from ratings to solutions, meaning that it goes from being a point solution to a platform play, like CrowdStrike.

In short, SSC looks forward to implementing these three goals in the upcoming year.