Gamma Force provided ScriptDrop with Fractional Executive Services and CISO support.
This interview explores how ScriptDrop, a pioneering health tech company specializing in prescription delivery through technology, partnered with Gamma Force to enhance their security operations. Faced with the sudden departure of their security leader, ScriptDrop required immediate expertise to maintain and elevate their security program. Gamma Force, known for its robust Fractional Executive Services and CISO expertise, stepped in to fill this critical gap.
Challenge
ScriptDrop needed to quickly replace their security leader and bring in specialized knowledge to not only maintain but also improve their security posture. With patient health information at stake and stringent audit requirements such as SOC 2 and HIPAA, ScriptDrop sought a partner who could seamlessly integrate into their operations and provide strategic guidance.
Solution
Gamma Force provided ScriptDrop with Fractional Executive Services and CISO support, focusing on:
- Rapidly integrating into ScriptDrop’s communication channels and workflows.
- Streamlining the process for risk assessments and audits, including SOC 2 and HIPAA.
- Educating the broader organization on security needs and distributing responsibilities across different teams.
- Implementing modern, automated controls to enhance operational efficiency and reduce manual workloads.
Impact
The partnership between Gamma Force and ScriptDrop led to significant improvements in the company’s security program. Key outcomes included:
- Enhanced organizational alignment and streamlined communication through integrated tools.
- Improved efficiency in gathering audit evidence and conducting risk assessments.
- Increased awareness and education around security protocols across the organization.
- Strengthened overall security posture and governance, ensuring better protection of patient information.
Interview with Mike Berkman, CTO of ScriptDrop
Warner Moore: Today we’re meeting with Mike Berkman, CTO of ScriptDrop, where he’s going to be sharing some of his experiences working with us. ScriptDrop is a health tech company that facilitates prescription delivery through technology. ScriptDrop had an existing security program, and when their security leader left the company, they reached out to Gamma Force for help. Gamma Force assisted ScriptDrop through Fractional Executive Services, CISO services, and ongoing management of their security program.
Mike, could you share a bit about yourself and your company as we start our conversation today?
Mike Berkman: Hey Warner. I’ve been with the company a little over two years. I support everything on the engineering and software development side of the business, along with IT, security, and recently, data. About a year and a half ago, our security leader departed, and we needed to quickly bring in expertise to fill the gap and elevate our approach to operationalizing security, improving governance, and enhancing our overall security posture. Gamma Force and their team were able to quickly get up to speed on our environment and provide supportive and helpful guidance as we evolved over the next year and a half.
Warner Moore: That’s one of the things we pride ourselves on—having a strong, experienced team. I like to think of our work as an “instant security organization,” which was certainly the case here.
Can we talk a bit about how we worked together, the team members involved, and the way we operated?
Mike Berkman: Gamma Force integrated directly into our organization, primarily through Slack conversations, email, and occasional meetings. Handling communications primarily through Slack has been beneficial for us as it’s a lightweight touch and a good way to stay connected without a lot of overhead. We also use a shared Trello board to manage priorities, which has been helpful for maintaining alignment. The team has been great; we have a series of shared channels, allowing us to communicate and collaborate easily.
Warner Moore: We like to work more like a tech company, and it’s always great to share stories of tech companies working that way. With our remote teams and people in different time zones, we find this a much better way to work. I always try to move away from email, except for external folks like auditors or those in the financial industry who aren’t on Slack.
Can you share a bit about the impact we’ve made on your organization, your security program, and your business?
Mike Berkman: Gamma Force has been instrumental in helping us with our SOC 2 audit and HIPAA risk assessments. As a health tech company, protecting patient health information is critical. We are audited, so we need everything to be well-organized. Gamma Force has streamlined our risk assessments and audits, making it easier to gather and collect evidence. They’ve also educated our broader organization on what’s needed and why, distributing responsibilities across different owners in various areas. This has been very helpful.
Warner Moore: We take pride in building capabilities within an organization. Security shouldn’t be managed by a single point of failure; it’s a team effort. Modern tech companies benefit from automating and streamlining processes, reducing the time spent on security tasks.
Do you have any closing thoughts or anything else you’d like to share about you, your company, or our work together?
Mike Berkman: When we started working closely together, you mentioned wanting to be our “security blanket.” Security is a critical part of our organization, and Gamma Force has been guiding us through it, taking a lot off our plate. I manage engineering, data, IT, and security, so it’s extremely helpful to have Gamma Force as a trusted partner. Their expertise and support have been invaluable.
Warner Moore: I appreciate that, Mike. As CTO, you have to focus on many things, like scaling the product and team, and ensuring consistent delivery to customers. We love taking the security challenge off your plate, allowing you to focus on areas where you can make the biggest impact.