Risk Ledger is securing the world against cyber attacks. They're using software to de-clog
the cyber security risk and compliance industry, making it easier than ever for companies and
their suppliers to build and maintain airtight cyber security.
Every company needs to care about cyber security, but with current technology it's a pain to
manage. Risk Ledger takes that pain away.
When Risk Ledger came to us in September 2019, they were facing a problem common for startups: how
can you grow your team and your product without compromising on quality?
There were 3 paths ahead:
- Hire quickly but run the risk of hiring the wrong person
- Wait for the right hire but make limited product development progress in the meantime
- Get help from a trusted partner
Risk Ledger were a team of 10 at the time. It's not an exaggeration to say that hiring the wrong
person at this early stage could have catastrophic consequences. Equally catastrophic is delaying
product development to find the right hire.
Option 3 hits the sweet spot. By working with us Risk Ledger made serious progress on their
software without having to rush to hire.
"Old Reliable came on board to increase our development capacity at a critical time for Risk Ledger. They rapidly developed a proof-of-concept natural language processing tool, then developed it into a cloud micro-service which integrated easily into our existing system. Our clients have been screaming for this tool - now we're using it to make their lives easier. A massive value-add for them and us!"
CEO, Risk Ledger
If you're a supplier to a large company, chances are you have to fill out a cyber security
compliance questionnaire to meet your client's standards. If you're also a supplier to another
large company, chances are they have their own - slightly different - compliance questionnaire for
you. For suppliers with lots of clients, filling in these questionnaires can be the equivalent of
a full time job.
This is an absurd waste of effort. Can we use software to automate it?
In a word: yes.
The trick with innovating is to try ideas out quickly and cheaply. This lets you get a feel for
whether an idea will work without using all of your company's resources to do it.
We suggested a three-phase project to let Risk Ledger experiment without over-committing:
- We sat down with Risk Ledger staff to understand the problem they wanted to solve and offer
advice on the best way to solve it.
- We built a rapid proof-of-concept (PoC) to explore whether we could
apply natural language processing techniques to automatically answer cyber security
- Conditional on the success of the PoC phase, we developed the
PoC into a more robust web service which integrated into Risk
Ledger's wider existing system.
We took ownership of the development process so that Risk Ledger's team could focus on their own
work. We used agile development and communicated regularly with Haydn, Risk Ledger's CEO; Dan,
Risk Ledger's CTO; and Bruno, one of Risk Ledger's Fullstack Software Engineers, to make sure that
our solution aligned with their vision and would integrate easily with their existing system.
"The project execution from R&D to the final service implementation has been exemplary. The hand-off was smooth and has allowed for an easy integration into our cloud infrastructure!"
Fullstack Software Engineer, Risk Ledger
PROOF OF CONCEPT
The goal was to quickly explore how to use existing answers to cyber security compliance questions
to answer other previously-unseen questions. We kept our code as lightweight as possible at this
stage so we could focus our efforts on discovering the most effective solution.
The end result was a Python library which used natural language processing techniques for
automatic question answering.
We used Black, mypy, and automated testing to speed up development. These tools have the added
advantage of improving the maintainability of our code. By using them as standard we get this
maintainability for free.
To improve the PoC, we focused on 3 main areas.
- We improved the accuracy of the question-answering system using statistical analysis
- We improved robustness and error handling
- We added more tests to improve maintainability
As an extra value-add, we made it possible for Risk Ledger to include their own branding in the
We turned our PoC into a micro-service by wrapping our Python library in a lightweight server
process. The server consumes jobs from AWS SQS and communicates with Risk Ledger's existing system
with gRPC. Results are sent back to AWS SQS so that Risk Ledger's existing system can take further
action - for example, by sending the filled-in questionnaire back to the client.
The result was a web service to which Risk Ledger's clients can send their cyber security
compliance questionnaires to be automatically filled in. Risk Ledger's clients can now save a huge
amount of time thanks to our work.
Risk Ledger continues to go from strength to strength. In January 2020 they claimed a
place on the highly competitive 2020 LORA Cyber accelerator program - a move which
positions them as a global competitor.
We had a blast working alongside Haydn, Dan, Bruno, and the rest of the Risk Ledger team. These
are smart people, working hard on an important mission. We're proud to have been able to help
realise their vision and look forward to working together again in the future.
You can follow Risk Ledger's journey on Twitter or LinkedIn.