In this week's Newcomers article, we introduce Brainframe Technologies company. We had a conversation with Davy Cox, Founder of Brainframe Technologies, who shared insights about the company's origins, unique features, and plans for the future.

Please introduce your company and the products/services it offers.

Brainframe Technologies, established in 2016, is committed to reshaping Governance, Risk, and Compliance (GRC) management. Recognizing the industry's inefficiencies, we recently developed Brainframe.com, a pioneering solution blending Information Security Management Systems (ISMS), GRC, Quality Management Systems (QMS), and Document Management Systems (DMS) in a single platform. Our mission is to "Democratize GRC", making robust security and compliance management accessible to all business sizes and types. We're regulation-agnostic, flexible, and we instantly digitalize, centralize and augment your existing Word/Excel work. Our visual, context-aware representations of assets, tasks, processes, risks, and KPIs offer unprecedented clarity. Available as a cloud or self-hosted solution, we cater to any regulatory requirements, making GRC efficient, effective, and affordable.

What led to the creation of your company?

My entrepreneurial journey began in academia as a graduate in ICT electronics, where I led a virtual small business project that won multiple awards. I then co-founded one of Luxembourg's first e-commerce platforms, Lunchtime.lu, where I realized the significance of cybersecurity. This propelled me to earn a Master’s in Security (RSSI) and start Brainframe Technologies, a cybersecurity consulting firm. During my tenure as a “CISO as a service” for big companies like Doctena and others, and after talking to many colleague CISO’s, it became clear I was not the only one struggling to effectively manage the security and compliance of companies, which ultimately inspired me to create Brainframe.com.

What is the most difficult or unexpected thing you've had to overcome on your journey?

As a fully self-bootstrapped solution, wrong feature/roadmap decisions are financially even more impactful compared to companies that have been funded, which is sometimes frustrating because you cannot go as fast as you would like to. We therefore now try to include our customers as early as possible in this decision process. Next to that, one of the key challenges I did not anticipate was that the decision process for starting/changing their GRC solution, where prospects are clearly convinced during the demo, takes much longer to finalize. At the same time this comes with the advantage of very low churn (near to 0%) and only supports our long-term partnership strategy. A key element in solving this problem was to optimize the onboarding process, ensuring there is no friction to get started. 

How is your offering different from your competitors and other market players?

Our mission is to “Democratize GRC”, which we do by offering it in a very cost-effective way so that no size/type of company needs to compromise on quality, compliance or security due to budget. Most GRC tools force a fixed way of working (with a high learning curve) and are limited to a set of legislations/frameworks, whereas we are very flexible and framework/regulation agnostic allowing you to manage anything. 

Because many already have a high investments of quality work in Word/Excel, we allow them to instantly augment this work by uploading it onto our platform and use it with all our features. 

Finally, our visual and context aware representation of company assets and dependencies, tasks, processes, risks and KPIs does not exist in any other solution. By offering the system as a cloud solution and self-hosted for highly regulated companies, we can cater to any type of company

What did you find at LHoFT / What did LHoFT bring you?

We entrepreneurs tick in special way, where most other people don’t understand where we get the energy, inspiration, and motivation from. By being part of LHoFT, it is easy to connect and talk about similar issues that on top of that are all constantly exposed to GRC challenges. I see it like a big family of likeminded smart people that are pushing to make a difference in our society.

What's next?

Now that we have a highly appreciated solution for the management of GRC, we are focusing on growing the network of trust between the many actors in the GRC in Europe by creating a win-win-win between companies, suppliers and consultant companies. Effective GRC is so complex that it is impossible/too expensive for most companies to internalize all competencies, which is why instead of competing with exiting specialist, we bring them closer together with companies struggling in specific domains.

As like for most of the world, but even more important in the security market with a huge lack of specialists, 2023 is also the year of AI where we are automating multiple tasks that neither consultants nor companies want to spend time on, eventually making the global compliance efforts more cost-effective. We do believe a human should always be in the loop, which is why our efforts in AI are built in such a way that they augment the specialists, indirectly reducing our expertise gap.