For security, IT, and systems professionals at enterprise companies today, security is an ongoing and ever-evolving responsibility. Especially for those in corporate real estate who work tirelessly to secure both digital and physical assets, it's critical to know that any partner or vendor connecting to their systems have a robust and diligent approach to security. “Information security is hard, but not impossible,” says Steve Dawson-Haggerty, Co-Founder and CTO of Comfy. He’s right, so long as you are diligent about security in every step of development, deployment, and operations.
At Comfy, we take cyber security very seriously and implement best practices based on NIST frameworks to deliver secure products and services to leading enterprise customers around the world. We implement a comprehensive System Security Plan, consult and advocate for customer best practices, and build security into every step of our development process; plus, we’re gearing up to conduct an external audit next year. We are always willing to work through customers’ IT security processes in depth and to fully understand their concerns, recognizing just how critical this topic is to them.
Meet the Comfy Security Squad
Comfy tackles security from all angles and leverages a broad range of professional experience: years working in the intelligence community and at NASA, experience with building security processes for and with Fortune 500 companies, and years spent developing, testing, and maintaining secure building software. We believe that a team of professionals with versatile perspectives, expertise, and experience creates a stronger outcome for our customers—and it’s all about our customers.
Stephen Dawson-Haggerty, Co-Founder and CTO
As our Chief Technology Officer (and Chief Tinkerer), Steve spearheads our Information Security practices and procedures from A to Z. He oversees the creation and implementation of Comfy’s security program and ensures we apply best practices across the organization, leaning on his deep expertise in information security program development and secure software development. With a Ph.D. in Computer Systems and Networking, he co-created Comfy from the ground up, and works tirelessly to ensure security practices are ingrained and executed at every level.
Security mantra: Trust, but verify.
Nick Colburn, CFO
When it comes to security, sometimes it’s as straightforward as “making sure we have it,” as Nick, our CFO and resident keeper of security compliance and risk management frameworks, would say. He is responsible for managing the internal and external cross-functional team of security reviewers, and ultimately for approving security policies and audits. Nick's security tasks extend beyond information security with our product and customers, as he is also responsible for physical security at Comfy HQ and company financial risk. If it were anyone else, they’d lose sleep at night, but Nick is a seasoned vet—he’s the former CFO of two FinTech companies where security was especially critical given the financial nature of the businesses.
Security mantra: "Security is a process, not a product." — Bruce Schneier
Elizabeth Foughty, Sales Engineering Manager
When it comes to experience and expertise in assessing and consulting on security best practices, Elizabeth Foughty is our cornerstone. With over 10 years in software development, five of which she spent at NASA where security was astronomically important, she consults with our customers on software security best practices, network, and cloud security. She’s exactly who our customers want supporting them in their security review processes of Comfy and educating their teams about Comfy security practices. Furthering her street cred, Elizabeth also spearheaded U.S. Cyber Risk Modeling Consulting for a market-leading catastrophe modeling company, so when she recommends “Don't put your BMS on the corporate network!” you may want to listen.
Security mantra: Security is everyone's responsibility!
Eric Menendez, Information Systems Security Officer
As our resident ISSO (Information System Security Officer), Eric is the master of secure software development lifecycles, vulnerability discovery, systems administration, network hardening, and acronyms everywhere. He’s responsible for implementing Comfy's security program—which he’s well-equipped to manage, based on the five years he spent in the federal Intelligence Community managing security-related projects and his graduate research in hardware-based security and trust. Given his deep experience and constant kudos from customers, it’s no surprise Eric has been internally dubbed Grand Wizard of Security (wand forthcoming).
Security mantra: Practice defense in depth.
Elizabeth Royalty, Engineering Director
By day, Elizabeth manages our engineering team and leads front end application security and cross-site scripting (XSS) vulnerability testing by night. She’s been a software developer for over ten years, five of which were spent developing for Amazon where security and customer trust were central to everything they did. Security is forever ingrained in her brain.
Security mantra: Think before you click.
Tyler Hoyt, Software Engineer
Tyler is our ISSO Eric’s right-hand man, working together to implement Comfy’s security program. With over nine years in Building Science research and software development working with HVAC systems and IoT devices, Tyler can often be found implementing the most secure and efficient designs for connecting Comfy to existing building management systems. Among other areas of focus, Tyler works to increase the resiliency of the database system that stores BMS data at the core of Comfy’s platform.
Security mantra: Innovative solutions must come with innovative security strategies.
Grant Patterson, Software Engineer
As our resident Django backend developer, Grant manages our backend server software security, reviewing each piece of code we commit prior to customer release. Grant brings over ten years in software development with databases, web application frameworks, and object-relational mapping solutions.
Security mantra: A closed standard is a hackable standard.
Ron Kirby, Infrastructure Engineer
As our lead Infrastructure Engineer, Ron supports security policy implementation in platform, infrastructure, and system engineering—focusing on system security, DDOS incidents, and LDAP management. He knows his way around the maze of infrastructure security, leveraging his years of experience from Ask.com’s infrastructure team, where he spent time implementing system related security policy, port scanning, kernel patching, and credential rotation under the direction of the Chief Security Officer.
Security truth: Think about security BEFORE a breach.
Todor Tzolov, Product Manager
Todor is our security roadmap manager. Security is built into the Comfy process and roadmap, and that begins with Todor assessing and scoping security enhancements with our engineering team during the internal development process. This isn’t his first security rodeo; he leans on his past experience as Product Manager for enterprise SaaS products that actively maintained compliance with the standards and needs of Fortune 500 customer from across various industries.
Security mantra: Win first, then go to war.
Brian Cloughley, VP of Customer Success
At the end of the day, everything we do is about and for our enterprise customers, and as the head of customer success, Brian represents their voice. Brian brings years of experience leading enterprise-level security initiatives for AutoDesk’s construction software-as-a-service product for multi-billion dollar companies, where he completed SOC 2 assessments in effort to gain compliance. Brian knows it takes a village to establish strong security practices, “Security starts with a focus on great engineering development processes—it’s a mindset.”
Security mantra: Engage with your IT/InfoSec process early!
Given our work with Fortune 500 customers, we understand the systems savvy and cross-functional expertise necessary to stay vigilant with leading security practices. To learn more about Comfy security practices, visit our Trust Center.