For Kelly Hansen, the year 2000 provided many reasons to celebrate. As president and CEO of Sun Tzu Security, Milwaukee, Hansen’s more notable accomplishments of the year included an appointment to Governor Thompson’s high-tech council, where she was one of 26 executives chosen to help promote the development of science- and technology-based businesses in Wisconsin.
And in its first year of eligibility, Sun Tzu Security was named a Future 50 company, an award given by the Council of Small Business Executives of the Metropolitan Milwaukee Association of Commerce for young, fast-growing companies. "I did not anticipate getting it the first year we were eligible," says Hansen, who points out that a company has to show three years of financial records in order to be eligible. Companies must be 10 years old or younger to apply.
"I like that you have to expose financial information. It makes the award that much more legitimate." She adds that the award symbolizes for the company "a wonderful confirmation that we’re on the right road."
Also very involved in numerous business organizations in the area – including the high-tech organizations Wisconsin IT Leadership Organization (WITLA) and eInnovate.org, both of which she is a board member – Hansen believes the firm’s success lies in its ability to make itself known, as well as to prophesize. "We were very early to market," she says, "and what seemed so obvious to me four years ago is still not obvious to the majority of the marketplace."
Hansen describes the company as providing data risk-management for its clients. "We were formed to help companies better secure their intellectual property. We provide consulting services to help them get their arms around what are the risks, what is their most valuable information, how can they better protect it. And we roll our sleeves up and go to work," she says.
With very little competition in that market niche currently, Hansen says her firm’s competition is coming primarily from consulting firms trying to "dabble in the information security field."
"It’s a 24-7 job – so it really does need to be a core focus," says Hansen. "On top of that, if you’re developing networks and installing networks, you can’t audit your own network. It’s an internal conflict."
Hansen also points out a large shortage of information security professionals, which has been an obstacle for the company as well. According to Hansen, only two schools in the country currently have programs to train information security professionals.
In 1999, the board members of Sun Tzu decided there was a notable need to narrow its focus, and that there were certain segments within the marketplace that needed more security attention than others. "And in 1999 the heat started coming in with regulations that were passed way back in 1996, which were the HIPAA (Health Insurance Portability and Accountability Act) regulations," says Hansen. "And there’s a whole section in there that deals with computer security, and information protection and privacy. And I got very interested in trying to figure out how we could match ourselves to the health-care market."
So in that same year a former corporate compliance officer for a major health-care organization was brought aboard to partner with Sun Tzu’s chief technology officer. "They became this powerful twosome that tackled the market and got involved," says Hansen. "It was a gamble. But so far, so good."