Navigant's Cyber Risk and Information Security PracticeLearn More


CityBizList: A Video Conversation with Bob Olsen, Part 129 February 2016

Managing programs and developing solutions to safeguard sensitive data everywhere

Bob Olsen is the CEO and founder of North Star Group and COMPASS Cyber Security. Headquartered in Washington, D.C., North Star Group is a project management and risk management firm offering technical services to clients in across government, nonprofit, and commercial sectors. COMPASS, short for Comprehensive Applied Security Solutions, focuses on cybersecurity issues such as training, testing, policy development, threat intelligence, critical systems monitoring, and vulnerability scanning. A U.S. Army veteran, Bob brings years of leadership experience that have helped North Star earn rankings in the Inc. 500/5000 along with recognition as a SmartCEO Smart100 Best Run company in the Mid-Atlantic region (2012). Additionally, the magazine named Bob a Smart100 CEO for 2011. He is also Executive in Residence and Adjunct Professor of Cybersecurity at The Johns Hopkins Carey Business School, as well as a board member of school’s Dean’s Advisory Council.

Q. When did you start North Star Group, and how did that lead to COMPASS?

BOB OLSEN: My partner and I, Mike Shveda, worked together at a previous company over in Columbia, Maryland. Through the course of working together for several years, we decided that at some point in time we wanted to start our own company and do our own thing. Over many nights together, many trips together, he and I laid out a business plan to create North Star Group. North Star Group, at the time, really focused on what I would consider technical program management, as well as acquisition strategy and acquisition management for typically large technology or telecom-related programs within the federal government. So he and I started out, literally just the two of us, back in 2006, and then as we built our federal government client base up, we incrementally added capabilities: systems engineering, financial management, communications, outreach. Then, ultimately—probably around 2012—we started to add information assurance, or what the government considers cybersecurity expertise.

So, in 2013, it seemed like a natural sort of transition to then create a commercially focused entity, and that’s what’s called COMPASS. COMPASS is an acronym that stands for Comprehensive Applied Security Solutions. No secret there. We’re really playing off the North Star, guiding light, which is really kind of our founding principle: providing solid, vendor-agnostic, trusted advice to our clients. That really carried over to the COMPASS side, and so COMPASS provides direction and we purposely linked the two names of the organizations together.

COMPASS today is very focused on proactive, pre-breach cybersecurity services. We don’t just focus on the technology aspects of cybersecurity and cybersecurity is. It’s such a broad term; it’s like saying you’re “in the medical field.” So, it’s really important for us to articulate to our client base, and our prospective clients, where we fit into that ecosystem. Our focus is, again, proactive, pre-breach services. Although really, at the end of the day, organizations can spend an inordinate amount of resources and if the bad guys or the bad actors want to get in, then they’re going to get in the organization in some fashion. And so, our responsibility really lies with trying to advise clients so that they can minimize—ideally prevent—but if someone is able to hack in or break in, or even it’s unintentional—maybe somebody leaves an old device lying somewhere that has sensitive information on it—how do they really minimize the impact of that to their organization? Technology is not the sort of the be-all, end-all, cure-all. In fact, most of the time, what we see is that organizations have spent quite a bit of money on different technologies, some directly related to cyber security, some more traditional—you know, network infrastructure—but that still clearly has a role from an information security or cybersecurity perspective, and what we find is that they generally haven’t optimized it. In a lot of cases, they’ve even bought infrastructure that was either unnecessary or they bought a really high-end version of it, when really all they need is a more basic version of that. So, that’s one piece: the technology consulting.

Q. How would you describe your consulting style? What gets you motivated to do the work?

A. We really try and keep the personal aspect. For our mid Atlantic clients, if we have a preference and the ability, we’ll always meet with them in-person, at least for some portion, but we also have the ability to do a lot of it remotely, even the technology piece. But just little things, like handwritten thank-you notes, truly appreciating their business, and making sure that our team members—I don’t like the word “employee,” so we call everybody a team member—making sure that they understand that we’re here to provide that trusted objective advice to our clients. It’s really exciting. Cybersecurity is really a cool field. It’s fun. We get excited and passionate about it. It’s an interesting field, and it’s growing. I call it the Wild West. It’s just amazing how quickly technology is changing, how quickly organizations are trying to address what they should do, and it’s just a really interesting time.

Connect with Bob on LinkedIn.

Read the original article at citybizlist: Baltimore. This interview was sponsored by Offit Kurman.

Work With Us Learn How