How CXO Nexus is Setting the Standard for Security With Fortune 500 and Enterprise Companies

  • Industry: IT Spend | Finance
  • Services and Frameworks: Penetration Testing

Location: New York | Remote
Number of employees: 15
Established: 2017

The Company: Increasing financial visibility to optimize vendor spend

CXO Nexus, Inc. is a leading data analytics firm that optimizes Vendor Spend via AI & Machine Learning. The Company’s product is a real-time decision-making tool built on patent-pending Artificial Intelligence (AI) and Machine Learning (ML) technology that transforms and integrates spend data down to line-item product detail, securely ingesting it from all financial and ERP systems. This technology uncovers multimillions in hidden spend, presenting enterprise leadership with clear visualizations and reports to enable immediate action.

CXO Nexus’ CIO InCight™ is built on its patent-pending Nexus Automation Engine. This platform engages AI and ML, Advanced Analytics, and Intelligent Business Process Management to organize and enhance Enterprise Vendor Spend data to enable strategic spend management. It eliminates the manual process of integration, normalization, and categorization of data, providing opportunities to reallocate resources, shifting from the onus of data processing to the end goal of data analysis.

The Challenge: Leveling up security and compliance

Building a secure culture is one of the core efforts for the CXO Nexus team, allowing them to maintain a security-first mindset throughout product development and new growth phases. They value building trust with their clients and want decision-makers to feel confident using their platform.

To show proof of their commitment to maintaining a secure fortress against the growing threat landscape and to uphold their compliance with SOC 2 Type II, CXO Nexus applies security best practices using highly respected automation tools and independent attestation.

As with most savvy startups, overseeing security and compliance is a key concern. Resource constraints, which often require an overlap in responsibilities (e.g., managing projects, establishing and maintaining efficient workflows, and developing internal technology and offerings), can overshadow the attention to security if not addressed appropriately. Investing in quality independent solutions for penetration testing affirms the robustness of information security programs and the application of best practices, and does so without the influence of internal forces.

The Solution: Security testing that aligned with internal expectations

Dissatisfaction with a prior penetration testing vendor warranted the search for a new solution. With the recommendation of a trusted partner to engage Rhymetec, and after evaluating other vendors, the security team at CXO Nexus was impressed with the technical knowledge and level of care Rhymetec’s Penetration Testing team provided, which mirrored the same commitment to excellence promised to their clients.

After two Penetration Tests were conducted for CXO Nexus, the thoroughness of each test, the excellent documentation of potential vulnerabilities, education on remediation alternatives, and overall support for ensuring a secure environment were all factors that secured CXO Nexus’ continued relationship with Rhymetec. Rhymetec’s enhanced reporting dashboard allows users to log in to a centralized location to easily navigate and access real-time results, creates transparency in the process, and enables easy and open communication between testers and CXO Nexus—something not seen in previous engagements.

The Results: Meeting requirements, improving trust, and enhancing product development

CXO Nexus engaged Rhymetec for Penetration Testing to give customers, many of them in the financial services and healthcare industries, the necessary security evidence of a safe and secure environment. Penetration testing also fulfills a requirement to maintain their SOC 2 Type II. In working with enterprise businesses and Fortune 500 companies, a robust information security program is a critical expectation. Conducting a penetration test solidifies their security standards and allows clients to feel confident in working with CXO Nexus’ platforms.

Penetration testing supports a security-aware mindset when standing up new business environments, alerting the team to potential vulnerabilities and highlighting areas of concern. Rhymetec’s new testing dashboard acts as a good point of reference to help avoid those issues in future deployments.

Annual penetration testing with Rhymetec helps CXO Nexus build trust with their clients and enables the team to feel a high level of security and comfort.

“The dashboard was great, it was a place I could return to get more clarification and get the best results the quickest. It was the ideal centralized location for information to be passed back and forth between our teams.”

-Becky Klein, VP of Technical Operations, CXO Nexus