From an early age, I always liked helping others. Whether it was helping my Parents or Grandparents, helping someone whose car broke down, helping someone move, helping people who’d just been involved in an accident – I always seemed to be driven by a desire to help others. I also knew from an early age that I wanted to have my own business by the age of 35 and not be working for someone else forever.My early career started as a programmer, but I quickly transitioned into a team lead role. I got my start into the working world around the same time as we were in a headlong train wreck with an economic recession. I picked up a job as an IT team lead for a company with 1,200 employees and managed to hang on through bi-weekly staffing cuts, all the way down to 50 people remaining in the company and in the end, showing up to work to find chains on the doors.
From there, I moved on to another company with over 600 employees as an IT Manager. I was one of 12 IT Managers, with two VPs of IT above me and a CIO above them. Within three months of my start, the company brought in a “consultant” to optimize the company and establish profitability. After a few weeks, the consultant started recommending a variety of initial strategic cuts and I was feeling a dreaded sense of déjà vu. The owner of the company liked what the hatchet-master was doing so much, that the company decided to keep him and name him CEO. Over the course of my remaining five years with the company, I was the last standing member of IT Management. The company experienced years of soul-wrenching layoffs and attrition, bringing the company down to about 35 employees. I couldn’t take it anymore, so I went in search of a better situation.
I went on to become the VP of IT and Infrastructure for a supply chain e-commerce company. Unfortunately, the leadership of that organization was as bad, if not in many ways worse, than the hatchet-master at the prior company, but about a year in, the gift of a 4-inch deck of paper dropped on my desk along with an order from the boss that we needed to become compliant. The pile of paper had the initials PCI on the front cover. From that moment, I embarked on a life-changing journey.
At the time, the vast majority of the consulting knowledge surrounding compliance was held by large scale enterprise consulting firms, primarily in the Accounting sector. The plethora of service providers, consultants, hosting companies and point solutions we have access to today did not exist. I commenced an 18-month experience of playing phone-a-friend, searching the Internet, consulting with the Assessor, trying failing then trying again to use the few astronomically expensive vendor solutions available. Ultimately, I gave up and decided to create solutions in-house. By the end, through sheer will, we survived PCI compliance and proved every requirement to the PCI Assessor.
At that point, I took stock of my collective experiences. Working for horrifyingly mismanaged companies that spiraled toward or to the brink of failure and reporting to soul-sucking bosses for eight years was weighing very heavily on me. It was driving me crazy to work for companies driven by the sole objective of lining the pockets of the ownership/leadership, or making decisions driven exclusively by positive reporting for the investors. I realized that if I kept saying to myself that I can run a company better than the people I had worked for, it was time to put my money where my mouth is. Unfortunately, this happened to be just after the height of the greatest depression seen in the United States since the 1930s.
I made a game plan with two other partners to fill the void in the marketplace for companies seeking assistance with surviving compliance. In addition to compliance consulting services, we would also perform deep-dive penetration testing. I managed every aspect of the organization myself, aside from the deep dive technical security testing.
After three years of completing a wide variety of consulting engagements, covering everything from PCI, ISO, SOC 2, HIPAA and more, I realized the similarities across all of these engagements. I was managing engagements as a consultant, including coordinating with Assessor teams and their QA departments, to get clients initially through compliance and then helping them to maintain compliance going forward. I knew that a comprehensive platform to support compliance collaboration would help them initially achieve their compliance objectives, and make every subsequent year easier. However, my vision was a departure from my partner's desire to remain focused exclusively on penetration testing efforts. If I wanted to make such a compliance collaboration system, I was welcome to do so on my own time. This was the first sense that things weren’t going to work out. Fast forward through the next two years of what I can only describe as a downward spiral of pain, I watched my hopes and dreams torn apart – the business imploded.
Meanwhile, I spent two years of nights and weekends designing an online compliance portal to help those in the compliance space manage all of the deliverables required for any compliance engagement. With my IT background, I already knew all of the right resources to get started and reached out to my first PCI Assessor from back in the day to sanity check our design. A group of us met in the evenings and on weekends, literally above the garage, designing, vetting, storyboarding the screen layouts and functionality of the system. This system was never intended to be compliance requirement specific, but an online portal capable of handling any form of industry-standard compliance, to serve anyone going through compliance - companies, service providers, assessment firms, QA departments - you name it.
On the foundation of that ever-present desire to help others, Total Compliance Tracking was born in 2013, with online business operations kicking off in 2014, to help others struggling, as I once had, with managing compliance engagements. We kept the lights on initially with consulting engagements and built TCT Portal from the ground up. The TCT Portal officially came online with its first paying client in early 2015, and we’ve been serving the compliance community ever since to make every year an easier year to achieve and maintain compliance.
TCT is owned by three people – me, myself, and I. While initially resentful of devoting eight years working for horrible people, followed by 5 years working in a failed partnership, time brought wisdom from the painful experiences. I started to understand my prior experiences were essential growing pains that I needed to go through in order to prepare me for running TCT. The experience of building a company from the ground up, with no investment backing, is both a harrowing and exhilarating journey. TCT is that scrappy company, built literally from the ground up through sheer will, tenacity, blood, sweat, and tears. TCT will never have investors and was never built to be sold. TCT does things because they are the right thing to do, not because we’re driven by third party agendas. TCT was built to become an engine for doing good in this world.
Some may wonder why I would be so open about my past. It's because everything that exists at TCT today has been built on that past. The past shapes who you become, what you aspire to do and what you aim to achieve. It’s this past that drove me to start TCT, and what will drive its future of continuing to help others.
Watching TCT unfold over the past several years has been a foundational experience that underscores just how much I owe to those around me who helped TCT get to where it is today and will continue to do so into the future. I don’t believe I could ever really repay those people for their faith and devotion to both myself and TCT, but I sure am going to give it my best. My parents helped me in many ways, not the least of which was financial, through the dark hours of this journey. There are personnel that have maintained devotion to TCT since the early planning phases above the garage, to whom I am forever grateful. There are many that took a leap of faith and jumped into the TCT fray, rolled up their sleeves and helped create solutions. There were early clients who put their faith in TCT and truly partnered with us to make enhancements to the platform for the benefit of all users. Finally, my wife and daughters provide relentless support. This journey has revealed is just how important it is to have a supportive family around you, as in many ways, they pay a substantial price to support my (our) dream and the ultimate mission of TCT. To everyone that has held faith in myself and TCT, please know that I will forever be in your debt, as you’ve taught me many lessons through this journey, which I am glad to have gone through together. It will be worth it as TCT continues to unfold over the coming years. From the bottom of my heart and soul, thank you.