The dinner that started it all with Expel’s new CISO

· 3 MIN READ · GREG NOTCH · APR 12, 2022 · TAGS: Company news

Expel recently welcomed a new face to the executive team with the addition of Greg Notch as Chief Information Security Officer (CISO). Fresh off of 15 years as CISO and Senior Vice President of Technology at the National Hockey League (NHL), Greg has been in the security and tech biz for over 20 years — helping companies large and small through all three dot-com booms.

As Expel’s CISO, he ensures the security of our systems, and keeps customers educated on the threat landscape and latest techniques for mitigating risk in their environments.

In this post, get to know Greg and what drew him to Expel, in his own words.

The dilemma

A little over five years ago, my company tasked me with building our information security program. As I sat in my office, I faced a seemingly impossible problem: the current approach to info security programs involved solving several complex problems simultaneously.

Conventional thinking for an enterprise security program said you first had to buy a bunch of security tools and gather logs from the tools and the rest of your environment. Then you bought a security information and event management (SIEM) tool and jammed in all that data. Next, you hired and staffed a security operations center (SOC) team to sift through the data and respond to what they found.

Honestly, that sounded terrible. This “solution” created two other problems to solve: how to manage all those tools and data, and how to staff the organization that would deliver actions and outcomes from the pile of data. Both are difficult, but building a SOC with the expertise and experience necessary to handle it can be especially daunting. Not to mention, if you wanted it to be a 24×7 operation, it involved hiring somewhere between eight and 12 people.

The only obvious alternative was to outsource this entirely to a company that would make all the technical and staffing decisions for you. But the players in the market at the time weren’t making decisions based on individual customer needs; they were focused on what was economical for them to provide as a service. After several conversations with peers who used these services, it appeared that none of those services took any context from the customer, which meant endless reams of meaningless alerts from your own tools — usually at a substantial cost.

Spoiler alert: None of these options sounded appealing. I’d worked with venture-backed businesses previously, so this gap in the market seemed to me like a good opportunity to reach out to my venture capitalist (VC) friends for advice. In my experience, venture-backed businesses are a successful way to solve problems the market isn’t adequately addressing. When successful, this approach has the added virtue of being to everyone’s benefit (my security program, the company, and the venture backers).

I began expressing my exasperation to VC folks, explaining that there must be a better way and asking, “Why isn’t there a platform to solve this problem at scale?” Most responded that it was an industry-wide dilemma, and that it likely wasn’t solvable — at least not with software.

The path to Expel

Somewhat dejected but undeterred, I headed off to D.C. for a security conference. There, one of my VC friends set up a meeting with “folks who may be trying to solve that problem you keep pestering us about.”

Intrigued, I met Expel’s co-founders Yanek, Merk, and Justin for dinner and the rest is, well, the stuff of legends. They saw the same problem and had a compelling plan for how to solve it. At the end of the meal, I remember asking them: “So… when can you start?” To which they responded, “We should probably set up a company first.” That company was, of course, Expel.

Since then, I’ve watched as they built an amazing team and company, founded on core values and a culture that I didn’t think was possible. They delivered on every commitment, big or small, and every interaction I had with the Expel team was thoughtful, humble, and relentlessly customer-driven. The values permeated the entire company, and I saw that it was the sort of place where anyone would be lucky to work.

Now I have the distinct privilege of joining that team, and becoming an Expletive. I’m looking forward to continuing the journey.