When I was a kid, the idea of being a technology professional didn’t appeal to me, which was strange considering how many hours I spent in front of the family computer. In the early 80s, personal computers (PCs) were very new and the dream PC at the time, for a kid at least, was a Commodore 64 with all the games. My dad didn’t buy that; instead, he got a Tandy 1000EX. It didn’t have as many games but it did have a modem, and soon after hearing about BBSes (Bulletin Board Systems), I found myself connecting to various “boards” and meeting people. It wasn’t long before I was meeting fellow computer geek kids at a Denny’s or Steak’n’Shake to talk about all things geek culture. Still, as I went through my schooling, the idea of getting into technology was not very appealing. At the time, I believed that the only jobs in IT were programming jobs. Anyone who has spoken to me long enough knows I have a very ADD-esque personality, so the thought of sitting at a computer writing lines of code sounded like torture. So, I instead decided to become a rockstar.
Do you know the difference between a professional musician and a large pizza? A pizza can feed a family of four. I quickly learned that a wandering bard life was not in the cards, so I needed a job. This was the late 90s and you could get an entry level technology job if you could spell ‘IT’. I found myself as a contractor deploying PCs to a 500-employee organization. Prepping the PCs was fun enough; this was before plug’n’play and the dreaded IRQ issues with soundcards, so it was easy. The unexpected part for me was how excited I was to deliver the new systems. Many of the employees had either been sharing a group PC or didn’t have access to one at all. I was giving them a tool that would make their jobs easier; I was truly helping them. I finally understood that in technology our purpose is to help others. I spent the next 10 years of my career in technical support.
Parameter came to exist in much the same way as many other companies–I was frustrated. At the time I was the Director of Technology for a bank holding company. When I was first hired, they desperately needed help, and over the next 5 years my team and I turned their environment into what one federal auditor called “a model network” which was pretty much running on autopilot. As a federal institution, we had Gramm-Leach-Bliley Act (GLBA) regulatory requirements that included penetration and policy assessments. I was frustrated that it seemed like my only options were accounting firms who would run an automated scanner and call it a penetration assessment or a solutions provider whose assessment was really nothing more than a presales tool. I needed a company that would help by just giving me the information I needed without trying to sell me solutions. On Christmas Eve 2006 I was griping to my then spouse about this frustration, and we joked about starting a company to provide this service which escalated into a company registration with the State of Missouri. By late January I was attending “ethical hacker” training in Washington DC and on June 2nd 2007, I became Parameter Security’s first full-time employee.
I always expected Parameter to be a St. Louis-based business that specifically worked as “ethical hackers”, but over the past 15 years we have done so much more including penetration assessments, policy reviews, information security training, digital forensics, and public speaking. We even started a conference, ShowMeCon, which pre-COVID was becoming the largest security conference in the region. To date we have done work in 22 countries and nearly every state in the union driven by our ability to help customers with their specific issues.
Let’s face it, regulations and compliance are not anyone’s idea of fun, yet they are a requirement for many organizations. Combine that with a fear of the unknown when it comes to “cyber” threats, and Parameter addresses an area of business that terrifies many executive boards and business owners. Being able to demystify threats and compliance while empowering customers to manage their risk truly fuels our business and truly keeps me going. These days I am grateful to have a team of InfoSec experts who feel the same way with passion for their expertise and a desire to share their knowledge with our customers. This team has made Parameter Security even better than I could have ever imagined.
Early on we realized that our company does not work well with organizations that are only going through the motions in their security program. We are not a “check the box” firm, and our best clients are those who truly seek to understand their risk and improve their security whether starting from scratch or improving an already robust security program. We have been fortunate to work with many great leaders of companies who meet these criteria. Utilizing our expertise to help these companies allows us to thrive both as a company and as InfoSec professionals.
As a leadership team, we recently revisited our core values which reflect the same principles on which Parameter was originally founded 15 years ago:
That being said, we realized that we had missed the mark on our core purpose and passion, which isn’t our expertise itself; it has always been that we care about our customers. Properly updated, Parameter Security’s core passion is “We care” (it’s actually “We F3$@$ing care” but to keep this article PG we’ll just say “We care”). Being information security experts is a given, caring about the best interests of the customer is not, and it is this passion that continues to drive Parameter Security’s growth as we embark on this 16th year of business.
In this relatively young industry, the past 15 years have been pioneering to say the least. So what does the next 15 years hold? We remain committed to providing excellence in penetration assessments to our customers across many industries while focusing our assessment and advisory services on PCI compliance. We understand that PCI certification isn’t enough, and that organizations need to manage their risk in a way that helps secure their company but isn’t burdensome or detrimental to everyday operations.
As vCISOs we help our customers build a security program that is effective for true company operations. As QSAs, we approach each engagement as a partner of our customer, with the same goal for achieving PCI certification. We strive for each assessment to be less stressful and try to provide more benefit to our customers than just a final report. We care about helping our customers better secure their organization and meet compliance requirements.
Thank you to everyone who has been a part of the Parameter story, whether you were a customer, a partner, an employee, a student, or even an attendee to ShowMeCon–Parameter would not be what it is today without you. Cheers to the next 15 years of caring about the security of our customers.
Cutting his teeth on technology starting at age 5, Dave gained an instant attraction to the inner workings of his computer. Before the age of 8, he wrote his first computer software program and, by the time he was a teenager, he ran one of St. Louis’ biggest networked bulletin board systems. One of his favorite movies is WarGames, which he believes captures the life of a hacker accurately. Dave’s interest in information security grew from that point on.
Dave has experience in several different technology positions that has given him a broad view of the field. He worked as Architect for A.G. Edwards’ electronic messaging system, as a technical liaison to credit card organizations, as a HIPAA compliance technical advisor for medical and dental practices, and as Chief Technology Officer for a $700 million bank holding company.
He then went on to found Parameter Security in 2007, which has grown into an information security company offering a large array of assessment, advisory, and DFIR services regarding InfoSec technology and policy. Dave enjoys speaking about these topics—he has traveled to over 22 countries for conferences and training events!
Dave has appeared on several news programs including on ABC, Fox Business, CNBC, MSNBC, and CNN, as well as on local radio stations. His work has appeared in multiple online and print publications including Popular Science, Associated Press, Information Security Magazine, FOX Business News, and CBS. Outside of work, Dave enjoys reading sci-fi and history pre-476 AD.