Apptega: Interview With CEO Dave Colesante About The Cybersecurity Compliance Company

By Amit Chowdhry • Sep 25, 2024

Apptega is a market-leading end-to-end cybersecurity compliance platform that security-focused IT providers and in-house teams use to build and manage cybersecurity and compliance programs simply, quickly, and affordably. Pulse 2.0 interviewed CEO Dave Colesante to learn more about the company.

Dave Colesante’s Background

What is Dave Colesante’s background? Colesante said:

“I got my start in tech over three decades ago in software development and have spent the last 25 years in cybersecurity, including leadership roles at several managed security providers prior to joining Apptega in November 2023. From working with high-growth startups to businesses with billion-dollar revenue, my background includes driving technology innovation and customer success, as well as scaling operations and creating shareholder value in recurring revenue businesses. I’ve also specialized in leading M&A transactions, including as COO of Securonix where we built and scaled a successful SaaS SIEM company that was acquired by a large software-focused private equity firm in 2022.”

Formation Of Apptega

How did the idea for the company come together? Colesante shared:

“We’re at an inflection point at Apptega. The company was originally founded with the idea to build powerfully simple software for in-house security and IT teams struggling to track and report on compliance activities, which is typically a very manual, spreadsheet-based process. Since then, what we’ve realized is that, while there are many companies in this space that tailor offerings to the enterprise, few if any have considered the very specific technical needs and business challenges of managed service providers, to whom most compliance and security work is outsourced. Over the last year or so, as I and others from the managed security space have joined Apptega, we’ve embraced the opportunity to serve these providers – whether MSP, MSSP, MDR or XDR – by not only building a platform that helps them deliver real-time compliance to their clients at scale, but that also enables them to bring lucrative compliance and security solutions to market that boost top-line revenue, margins and net retention.”

Favorite Memory

What has been your favorite memory working for the company so far? Colesante reflected:

“My favorite moments come when our partners share their wins – a deal they closed where Apptega proved a differentiator, a successful QBR with a client where they were able to show progress toward a compliance goal, a quarter where revenue exceeded expectations. And those moments are happening more and more frequently.”

Core Products

What are the company’s core products and features? Colesante explained:

“Apptega delivers real-time continuous security and compliance health and scoring against more than 30 regulatory and best practices frameworks, automating much of the manual work this typically entails through integrations with evidence repositories, ticketing systems and security products. The upshot is that companies can track and report on how they’re performing relative to a certain standard, framework or peer cohort.”

Challenges Faced

Have there been any industry challenges in managed services recently? How are you helping partners overcome those challenges? Colesante noted:

“Managed service and security companies face aggressive growth mandates in an increasingly competitive space. It’s also challenging for service providers to demonstrate the value of often hard-to-quantify security services. By tailoring our platform to the specific needs and challenges of service providers, we are helping them fuel growth by bringing continuous security and compliance offerings to market.”

“Our recent funding will support these efforts by allowing us to enhance our partner program, execute against our partner-first product roadmap, and productize artificial intelligence. The Apptega platform currently leverages AI to deliver security controls guidance and remediation expertise, but that’s just the tip of the iceberg. As with all knowledge-based fields, it will increasingly be the case that much of the ‘block-and-tackling’ work in cybersecurity and compliance that today requires human expertise will be displaced by generative AI and delivered through software.”

“This will have huge ramifications on consultancies and service providers, who must differentiate with high-level expertise and through the scope of their services to stay competitive. Ultimately, we want to arm managed service providers with powerful AI technology so they can run their businesses more efficiently and provide the high-end security guidance that generative AI can’t.”

Evolution Of The Company’s Technology

How has the company’s technology evolved since launching? Colesante emphasized:

“As we increasingly lean into a provider-led product and go-to-market motion, we’re building software that helps managed security companies provide real-time, continuous security and compliance health and scoring at scale. That means enabling them to simultaneously provide all their clients with a snapshot of their posture relative to several compliance and security best practices frameworks instantaneously.”

“We also continue to build out integrations with security products, evidence repositories and ticketing solutions, mapping those connectors to the framework controls they fulfill such that the entire process – getting a view of where you’re compliant and where you’re not, and what your overall posture is – is automated. Furthermore, our investments in generative AI will help providers deliver guidance and routine technical work more effectively and with fewer human resources, which will both increase their margins and free up their people to focus on more accretive work.”

Significant Milestones

What have been some of the company’s most significant milestones? Colesante cited:

“Securing our recent funding from Mainsail, who has been an incredible partner, was a major milestone because it allows us to continue to invest in our technology, partner program and security talent. We also crossed 20,000 global compliance programs under management and now count more than 200 managed service providers as partners.”

Customer Success Stories

Asked about customer success stories, Colesante highlighted:

“We’re seeing our partners leverage Apptega to bring to market compliance offerings that grow revenue, retention and margins. By packaging their existing cybersecurity services with the Apptega compliance ‘wrapper,’ they’re able to generate new revenue from compliance – for instance, by helping an organization meet requirements associated with HIPAA – but they’re also able to sell more of their security services, because it’s those services that actually satisfy the compliance controls.”

“On average, our partners see a 400% return on their initial Apptega investment within the first year. So, for instance, in December, we brought on a 200-person regional MSSP based in New England. In six months, they’ve already quadrupled their return and have an additional six figures in the pipeline.”

Funding

Asked about the company’s funding details, Colesante revealed:

“I can tell you that there are now more than 20,000 compliance programs running on Apptega globally and that that number is 5x greater than it was 2 years ago. We recently secured a $15 million growth investment from Mainsail Partners, who also invested $37 million in Apptega in March 2022.”

Total Addressable Market

What total addressable market (TAM) size is the company pursuing? Colesante assessed:

“There are a couple of ways to look at this. The global compliance management software market is currently valued, according to some estimates, at about $35 billion, and expected to grow to about $75 billion in the next five years. On the provider side, there are about 10,000 managed security service providers and about 600 MDR companies. When you start to consider how many end clients those providers collectively serve, and their combined wallet share, the numbers start to get really big. That’s why the channel is so powerful.”

Differentiation From The Competition

What differentiates the company from its competition? Colesante affirmed:

“There are two primary areas. First, we are provider-first. Where other compliance vendors serve the end customer – in-house security and IT teams – we focus on empowering our partners to deliver high-value business outcomes to their clients at scale. We win when our partners effectively deliver recurring compliance solutions, which, for them, drives higher revenue, margins and retention. So not only do we enable them through the software, where they can leverage multi-tenancy across their client base and deliver services one-to-many, but also through our partner program, where we’re arming them with the sales, marketing and technical resources they need to go to market in a differentiated way.”

“Secondly, we’re injecting both our business and platform with security expertise. It’s one thing to deliver compliance outcomes, which are binary ‘yes/no, did I satisfy a control?’ But ultimately, we want to be able to deliver real-time visibility into security posture so organizations can answer the crucial questions, ‘Am I secure?’ and ‘How do I know?’”

Future Company Goals

What are some of the company’s future goals? Colesante concluded:

“Our goal is to continue building and delivering a world-class product for managed service providers that’s synonymous with continuous compliance and security. If we do that, we’ll grow Apptega into a very large company that helps many providers both meaningfully grow their own businesses and help their clients address increasingly complex security and compliance challenges.”