Challenge
Atropos Health required expertise in security and compliance, particularly for HIPAA and SOC 2 certifications. They needed hands-on support to implement a secure, HIPAA-compliant infrastructure and align their security operations with industry standards.
Solution
Gamma Force provided comprehensive security services, acting as Atropos’s CISO and security team. Key services included:
- Establishing a HIPAA-compliant AWS infrastructure.
- Implementing network segmentation for security.
- Providing hands-on support for DevOps and security engineering.
- Assisting with SOC 2 compliance and other regulatory requirements.
Impact
Gamma Force’s involvement was crucial in helping Atropos transition to a commercial entity. Specific achievements included:
- Setting up a secure AWS environment for commercial operations.
- Achieving SOC 2 Type 1 certification, enhancing Atropos’s credibility and security posture.
- Streamlining compliance processes and improving overall security governance.
- Educating internal teams on security protocols and distributing responsibilities effectively.
Interview with Rehan Chawdry, VP of Engineering at Atropos Health
Warner Moore: Hi, my name is Warner Moore. I’m the founder and CEO of Gamma Force. Today we’re meeting with Rehan Chawdry, the VP of Engineering at Atropos Health, for an experience share about our time working together. At Atropos Health, we serve as their CISO and security team and have helped Atropos with cloud and security engineering as well as the ongoing management of their security program.
Rehan, would you mind sharing a bit more about yourself, your role, and your organization?
Rehan Chawdry: As you mentioned, I’m the VP of Engineering at Atropos. That means software development, infrastructure security, and data integration are all areas that report to me. We’re a health tech startup that was incubated at Stanford University in 2020, and we cover the real-world evidence space. It’s almost akin to medical research as a service, whether that’s for pharma or health systems. I joined just when Atropos was looking to commercialize after incubating at Stanford for a while, and Gamma Force was really helpful in helping us make that transition. It’s really neat what Atropos is doing using modern data analytics and, dare I say, AI, even before the whole AI trend took over the talking points in technology.
Warner Moore: Rehan, what were your cybersecurity drivers that motivated you to seek out help before working with us? What’s your “why”?
Rehan Chawdry: As we were looking to commercialize, we needed someone who really understood the security space well, specifically around the health tech industry. As a young startup going through the phases of hiring and growing, we didn’t have the staff we needed when starting up. We needed a lot of help to actually implement some of the things we were advised on. We were talking to a lot of folks who provided cybersecurity policy and guidance, but we needed hands-on help to get us bootstrapped. For example, we needed to set up a HIPAA-compliant infrastructure, but the problem was a lot of folks only did advisement. Gamma Force and Warner, you guys not only offered the security guidance we needed but also had people on staff who could do things like set up a secure network in AWS and ensure it complied with HIPAA guidelines. We needed a DevOps team, and we didn’t have one, so Gamma Force was really helpful in filling that gap. This support was critical for us as a startup.
Warner Moore: We’re grateful to have had the opportunity to work with you at those early stages as well. When it comes to compliance requirements, be it HIPAA, HITRUST, HITECH, and certainly SOC 2, getting ready for that audit can be challenging. Working together earlier enables us to get the right things in place at the right time, scale properly, and avoid slowing down your organization. Let’s talk a bit about how we work together.
What team members work with you, and how do we collaborate with your colleagues?
Rehan Chawdry: We still have a pretty small DevOps team, so we meet on a weekly basis. Depending on the current activity, whether it’s configuring our email systems or other tasks, we have regular checkpoints. Especially during our SOC 2 compliance process, Gamma Force was great at scheduling meetings with me and my team, and other members of our company in various leadership positions. This coordination was a big help, reducing my workload significantly. In addition to regular meetings on DevOps or security, Gamma Force reached out to other stakeholders as needed, which was really helpful given our limited resources.
Warner Moore: Being able to focus on scaling the team and product, and working on strategy, has much more impact for you and your role. We pride ourselves on taking as much off your plate as you want to give up.
Can you share some of the impact we made and your experience working with us?
Rehan Chawdry: Gamma Force was there at critical points in our growth. For example, transitioning from Stanford’s network to an AWS network was crucial. Gamma Force helped set up our AWS accounts, VPCs, and secure access workspaces, enabling us to deploy our pieces and become a commercial organization. Additionally, achieving SOC 2 compliance was a major milestone. Gamma Force guided us through this, recommending tools like Hyperproof, which has also been useful for other standards like GDPR. Your assistance in writing policy documents, working with auditors, and coordinating with internal stakeholders was critical. These efforts helped us grow and meet security requirements for our partners.
Warner Moore: Thanks, Rehan. It was our pleasure. Is there anything else you’d like to share about you, your company, or your experience working with us?
Rehan Chawdry: At Atropos, navigating health tech securely as a startup was challenging. Gamma Force provided a mix of guidance, operations, and hands-on support that was crucial for our growth. I’m glad we had the chance to work together, and I highly recommend Gamma Force as a trusted advisor for startups needing critical roles filled. Kudos to Gamma Force for making that possible.
Warner Moore: Thank you so much, Rehan. I’m grateful for you and the opportunity to work together. I’m excited and looking forward to seeing the evolution of our work together. Ultimately, security is strategic when done well and not just about checking boxes. Atropos is a perfect example of how to do security strategically.