An Understandable, Accessible Approach to Cybersecurity

Q: How has Hackmetrix evolved within the Mexican and Latin American market and how did the company use the US$1.3 million investment round it closed in June 2023? 
A: We evolved from being just a platform that facilitates obtaining certifications, such as the ISO 27001 and the PCI Data Security Standard (PCI DSS), to a comprehensive platform that offers security monitoring, allowing companies to control everything they have exposed on the internet to ensure their safety and the continuity of their operations. The US$1.3 million investment round closed in June 2023 is aimed at strengthening our position in the Mexican market, although we have only started to deploy that capital this year. Despite this, we achieved 110% year-on-year growth, demonstrating the solid progress of our platform in the region.

Q: How did Hackmetrix tailor its platform to respond to the specific requirements of companies in Mexico, from startups to large corporations?
A: The Mexican market differs from the Chilean market. In Mexico, our main market is medium-sized companies that have undergone a significant digital transformation, adopting technologies for automation and industrialization, especially in the manufacturing sector. We adjusted our products to tackle physical operations that require hardware monitoring in specific work environments. Our sales approach has also been modified to address the different decision dynamics between a startup’s chief technology officer (CTO), who is often looking to validate solutions quickly, and a technology manager, who more thoroughly evaluates issues before committing to an implementation.

Q: What are the most common challenges companies face and how does Hackmetrix address them?
A: One of the biggest challenges in cybersecurity is the perception that it is a complex area, difficult to understand and accessible only to experts. This image has historically limited its adoption, especially among SMEs. We address this challenge by simplifying both the communication and implementation of our solutions, enabling even those without in-depth knowledge of cybersecurity to protect their digital environments. We focus on making cybersecurity accessible and manageable, even for operations or technology teams in smaller companies, which are often interested in learning about and managing security, but require more direct support than large corporations.

Q: What is the main competitive advantage that allows the company to stand out in the market?
A: Companies in the region prefer integrated solutions rather than specialized products for each problem. Instead of offering an enterprise-level platform that only focuses on ISO certifications, Hackmetrix offers a one-stop-shop solution that addresses several cybersecurity needs
simultaneously. Our platform not only allows users to monitor internet exposure to assess vulnerability, but also facilitates the implementation of policies to comply with regulations, trains employees, and offers expert security audits.

Q: What business advantages do your clients gain from obtaining cybersecurity certifications or acquiring your monitoring solutions? 
A: Companies see their business grow. Our solutions allow Mexican companies, particularly SMEs, to compete on an equal footing with large international corporations. These certifications are not only crucial for software development companies, which handle confidential information, but also for consulting and automation firms, allowing them to expand and close deals with large corporations. Certifications aligned with ISO 27001 also allow companies, especially in the financial sector, to adapt to various regulations in Mexico and other Latin American countries with minor modifications, facilitating their regional expansion. Finally, we also see a reduction in the risk of cyberattacks among our clients, indicating greater resilience to potential threats.

Q: What emerging cybersecurity trends or threats are having the greatest impact on the Latin American B2B landscape?
A: There is a growing realization that being in compliance does not guarantee security, and vice versa. Many companies have operated under the false assumption that complying with security regulations is enough to protect against threats. However, some organizations implement security controls just to comply with audits, and then neglect the ongoing maintenance of these measures. This trend is changing as companies place a greater emphasis on aligning effective security and compliance, which is crucial both to prevent hacks and to comply with certifications and regulations.

Automation is also transforming the cybersecurity industry. Reliance on consultancies is decreasing as more processes become automated, reducing the need for intensive and costly consulting hours. This has created a favorable environment for product innovation that automates functions previously dominated by consulting firms, a trend that is rapidly gaining ground. 

Q: How is Hackmetrix ensuring that its platform is aligned with the specific security needs of cloud environments?
A: Last year, we established a strategic partnership with Amazon Web Services (AWS), which allows us to offer a specialized module for monitoring cloud configurations. This module performs a continuous audit of security configurations through read permissions, identifying implemented controls and detecting areas for improvement. We also extended this capability to Microsoft Azure and Google Cloud Platform (GCP), covering 95% of the cloud market. Going forward, we plan to launch a new module that will not only monitor configurations, but also offer customized recommendations based on the size of the company and the characteristics of its applications.

Q: How is Hackmetrix integrating AI and ML into its platform to deliver more advanced and effective solutions?
A: We recently developed “Mike,” an internal AI tool that assists our team in solving cybersecurity queries with 100% accuracy. Using OpenGPT and AWS Bedrock technologies, Mike allows our team to handle a larger workload without the need to significantly increase specialized staff. We are also working on advanced functionality that will allow Mike to audit documents and identify errors based on our established parameters, which will speed up the certification process.

In the near future, we plan to release Mike to the market so that our customers can benefit from these capabilities. In addition to resolving queries and auditing documents, Mike will assist in vulnerability detection by analyzing historical parameters and suggesting possible attacks,
improving overall security.

Q: What role does cybersecurity education play within Hackmetrix, and what initiatives are you launching to create cyberattack-ready teams?
A: We are aware of the limitations in formal cybersecurity education in Latin America and Mexico, as the country often lags behind because it uses outdated methods that do not meet the needs of the market. We launched the Hackers Academy to address this gap. This is an intensive nine-month program that employs a hands-on, challenge-based approach similar to the hacker learning methodology. This program has proven to be effective, training professionals who successfully integrate into the industry.

We also created the PCR Academy (for compliance auditors), and will soon launch the CISO Academy, to address other crucial areas, such as automation and regulatory compliance. These academies are designed to prepare professionals to manage security projects and effectively comply with regulations.

Q: What are Hackmetrix 's main short-term goals in terms of strengthening and integrating into other markets?
A: In the coming years, we will focus on making our platform more adaptable by allowing customers to select only the modules they need rather than purchasing the full suite. We will deepen our integrations with AWS, Google, and Microsoft, and launch a Business Suite to improve the monitoring of platforms such as Google Workspace and Microsoft Teams. We will also launch Mike officially and focus on strengthening our presence in Colombia. 

Mexico is key to our strategy, given its immense market size and the fact that we have not yet reached even 1% of its potential. Our objective is to continue to expand and strengthen our presence in the country.