Coalfire: Maintaining Compliance Standards while Reducing Cyber Risks

Rick Dakin, CEO & Chief Security Strategist
For companies striving to transform into the digital businesses of the future, a collision with the cyber risk environment is inevitable. The need of the hour is an advanced risk management capability, one nimble enough to help companies recover quickly from attacks while also improving their future defense capability. This is where Coalfire steps in, providing IT audit, security assessment, and IT compliance management solutions. “We constantly evaluate threats that emerge from current technology trends like cloud and mobile, and combat them with services that include deep technical assessment and compliance solutions,” informs Rick Dakin, CEO and Chief Security Strategist, Coalfire.

Focusing primarily on risk management, all of Coalfire’s solutions are issued after thorough consultation. “We do not offer premeditated solutions, but rather technology tools that are a perfect fit for a particular business issue,” says Dakin. Because the company narrows its services to cyber risk and compliance, its expertise runs deep in technical skills, evaluation, and mitigation of risks. In line with this, Coalfire offers the Federal Financial Institutions Examination Council (FFIEC) Assessment, which is designed to assist federally insured financial institutions with risk reduction, enable FFIEC compliance, and increase operational efficiency. “While our competitors engage in several services, at Coalfire, we believe in emphasizing and honing our niche approach—independent cyber and compliance risk advisory,” he adds.

Conducting 1500 assessments and advisory engagements a year, Coalfire has witnessed a wide variety of security threats. In response, the company has devised an innovative enterprise risk and compliance platform—Navis, which tailors workflow and communication. Navis comprises a number of SaaS solutions that provide organizations protection against data breaches while effectively maintaining compliance.

Coalfire also offers processes and consulting services that allow customers to be truly compliant with the Federal Risk and Authorization Management Program (FedRAMP) standard, which establishes secure and compliant cloud services for government agencies. Coalfire is a FedRAMP third-party organization that works with cloud service providers as an assessor or advisor. “Our solutions assist in easy navigation through the FedRAMP templates and, having conducted a large number of assessments, we provide an extremely streamlined method to get through FedRAMP approval,” states Dakin.

In one instance, a large retail financial services company was hit by a cyberattack. Its systems were locked by ransomware and, overnight, the incident escalated into a million-dollar problem. Having helped the client meet its compliance standards for 7 years, Coalfire was asked to help mitigate the risks in the client's compliance programs. On request, Coalfire also conducted an end-to-end assessment of the different business functions, specifically HR and legal. Although the client may still come under attack, it is now better positioned to defend against negligence claims. Coalfire’s ability to negate cyber and compliance risks is also reflected in its name, which signifies the transformation of coal into fire.

Currently investing heavily in the market with growth equity capital, Coalfire has added 100-150 senior-level cyber advisors. “The company is going to own the independent advisor role at the board and that’s our mission,” reveals Dakin. Coalfire also sees massive growth potential in the cloud and plans to expand its services to customers of Amazon, IBM, and VMware.

(Rick Dakin passed away on June 22, 2015, a couple of days after he gave this interview to CIO Review.)

Coalfire News

Coalfire Releases 2020 Cloud Security Report

WESTMINSTER, Colo. - Coalfire, a provider of cybersecurity advisory and assessment services, today released its latest research report, The Smartest Path to Your Secure Cloud, with collective insights, market research, and firsthand experience to help guide secure cloud deployments and operations. The report identifies key considerations, common pitfalls, and practical advice for professionals who have responsibility for enterprise cloud strategy, planning, adoption, and operations.

"Many organizations rush into digital transformation without aligning on strategic outcomes or taking the proper steps to plan," said Gregg Martin, VP, Solutions Engineering. "Using cloud as a strategic enabler of digital transformation and applying a roadmap for creating a secure cloud in the enterprise means avoiding blind spots and unnecessary missteps."

The report provides a planning guide based on research and insights from participating members of Coalfire's Cloud Advisory Board, data results from actual cloud deployments, and lessons learned from cybersecurity professionals about their own digital transformation journeys. The research was designed to support security, privacy, and technical teams with integrating their cloud migration strategy across the enterprise by factoring in business and IT goals and the KPIs that will be leveraged to measure those achievements. Teams can use the report for strategy and implementation before, during, and post-deployment to move their cloud initiatives from concept to reality while optimizing security over time.


Cost was seen as a critical factor in cloud migration planning with many organizations having it as an expected business outcome, yet only 36% of survey respondents indicated that they realized cost savings. Proper planning was identified as the linchpin to successful cloud migration that leads to real business outcomes. Other key research findings include:

• Strategy
    o Beyond cost savings, the more commonly reported business outcomes were increased responsiveness to customer needs (45%) and accelerated time to market (42%)

• Planning
    o Planning to use legacy teams is risky, yet only 28% plan to augment existing teams with the necessary outside expertise
    o Despite the large blind spots created by not conducting a cloud readiness assessment, fewer than 50% of respondents plan to do so
    o Also troubling is that fewer than 40% intend to appoint a management steering committee to ensure alignment from beginning to end, a proven best practice

• Adoption
    o The "shift-left" approach addresses quality review and testing earlier, thus reducing the chance that production defects lead to exploitation risks
    o The most prepared cybersecurity leaders initially integrate only a small number of applications into a security platform, starting with low-impact/low-risk applications

• Operations
    o Partnering your security practitioners with your cloud engineers helps ensure that any code and automation development or changes support security policy automation
    o 67% of respondents plan to use code and automation

"The unprecedented shift to the cloud has forced companies to make complex decisions about digital transformation in this new era," said Mark Carney, EVP Cybersecurity Services. "We developed this research with the hope of advancing the cybersecurity community by building strong cloud security leaders and ensuring best practices are instilled in the cloud."


Louisville, CO
