Thoughts from Mahmood Sher-Jan, CEO and President of the newly formed RADAR, Inc.
I’m drafting this on the eve of the public announcement that RADAR, a SaaS platform I invented that developed into an autonomous business unit in 2014, is now a fully independent, incorporated company backed by series A funding of $6.2 million.
In our official press release we’ve outlined what this means for the future of RADAR. Our independence gives us access to investment capital to continue our innovation, invest in our platform, and accelerate the growth of our business.
I look forward to all the innovation and great work ahead of us, and find myself reflecting on the path we’ve traveled with our customers to bring us where we are today.
My inspiration for RADAR struck at the end of 2009, motivated by first hand observations of operational challenges facing privacy, compliance, and security officers responsible for managing incidents involving PII or PHI.
I developed an empathy for these overworked professionals and became intensely aware of their struggles with the complexities and ambiguities of performing compliant incident risk assessments. Managing incidents once they occur can be an incredibly stressful and subjective process. Suffering an incident and sorting out if it’s a data breach based on ever-changing state and federal laws is complex, and over or under reporting poses a huge risk for organizations.
There weren’t any systems or tools designed to help manage this process, but I envisioned a way technology, using analytics and purpose-built software, could eliminate the inconsistency and inefficiencies that were inherent with the existing approaches.
10,000 Ways Not to Make a Light Bulb
We started with the HIPAA breach notification rule. In collaboration with customers and regional partners, we began building a risk assessment model to help solve the distinction between PHI incidents and reportable breaches.
I spent months thinking over this issue, building and rebuilding models. Light bulb moments – a moment of clarity in which you suddenly realize the solution to your problem – happen. But, to paraphrase Thomas Edison, you also learn many ways to not make a light bulb in the process.
As soon as we had our HIPAA model built (RADAR 1.0), our customers and prospects continued to ask that we do the same for all the state and other federal breach laws – not an easy task given the number of regulations and frequency of changes introduced annually across jurisdictions.
I am not one to shy away from a challenge, especially one that, if solved, would bring true value to our customers. We kept coming up against the same issues regardless of which state or federal laws we tackled:
- How is Personally Identifiable Information (PII) defined?
- How is Protected Health Information (PHI) defined?
- Which jurisdictions provided a risk of harm test and/or other exceptions?
- Which jurisdictions use thresholds as part of requirements to notify?
To effectively address state and federal breach laws, we developed a new way to capture the profile of each incident, score the incident, and create jurisdiction specific heat maps to plot data sensitivity in relation to incident severity. We validated our results with customers and their legal teams alike. RADAR 2.0 came to be.
Growth and Continued Development
It was at this time that the first Fortune company adopted RADAR as a solution. That was a big milestone for our operation: realizing that a Fortune company, with a history of innovation, saw the value of RADAR and the differentiation in our engine, and decided to take a chance on this small startup being incubated within ID Experts. This confirmed for us the business need and the value of what we had to offer.
In the years since, we’ve had many iterations and releases of RADAR, each improving our platform, expanding its functionality, and keeping pace with changing state and federal regulations. As of today’s date, we’re on RADAR version 6.4.4.
Building a Team, Building a Path Forward
The development of our product was matched by growth in our team – talented software developers, product and regulatory content managers at first, customer success, sales, and marketing to follow. We became an autonomous business unit in 2014 and moved into our downtown Portland, Oregon office. In the last year alone we’ve added a dozen new Fortune 500 companies to our roster, and more than doubled our average contract value and monthly recurring revenue.
But the core mission of RADAR has remained the same – our culture is driven to help organizations make work life better for privacy and security officers, by giving them more control over their environment, and bringing a sense of order and calm despite the complexity of managing and responding to privacy and security incidents.
With any newly launched company, you find yourself answering the same questions:
- What does this mean for your business?
- What do you most look forward to in the next chapter?
- What does this mean to you, on a personal level?
Our independence will create more opportunities to reach new markets and develop new relationships under our own stead. This move means we will continue to innovate in the RADAR platform, accelerate the development of new features, and deliver exceptional value, support, and return on investment to our customers.
I am appreciative of the early years of incubation at ID Experts, a company that saw the promise in our product and allowed us to develop and validate our vision into the successful company that we are today. The dedicated team we’ve built to focus on RADAR’s growth has been instrumental in RADAR’s evolution. Where we’ve arrived today proves that, if you pull together the right team of highly competent and committed people, they’ll do their best work.
On a personal level, this is a very gratifying milestone, having experienced the entirety of RADAR’s development from concept, through early adoption, to acceleration in growth. I’ve enjoyed seeing how our business – with the right foundation, the right solution, at the right time – has grown and has revolutionized how privacy and security incidents should be managed.
Of course, we have many milestones that remain ahead of us, and my vision for RADAR is to establish ourselves nationally and globally as a marquee company coming out of the silicon forest.
And in that pursuit, we are just beginning.