Outpacing Evolving Security Standards and Cyber Risks With Custom Security Solutions

  • Industry: Digital Creative Agency
  • Services and Frameworks: SOC 2, GDPR, CCPA, vCISO

Location: New York, NY
Date Founded: 2002
Number of Employees: 36
Working with Rhymetec & Drata: Since February 2023


The Company: A Creative Powerhouse Accelerating Brand Building and Success With Thoughtful Design 

Modicum is an independent digital creative agency making big strides for global brands for over 20 years. They’re a powerhouse of creative thinkers and problem solvers working hard behind the scenes of product launches and brand building at major companies like Google, Samsung, and Quizlet. 

Pivotal to Modicum’s success in partnering with some of the world’s best brands is their mentality of service: They prioritize developing deep, long-term partnerships, and their team operates as a seamless extension of the brands they work with. This ‘one-team’ mentality poises them to craft designs and strategies with precision, fine-tuned for the audiences they engage.


The Challenge: Proactively Finding Security Solutions For A Small Team With Big Goals

Modicum has been around since before the field of cybersecurity as we know it today even existed – before most organizations knew what a CISO was, before the term’ dark web’ existed and before the alphabet soup of compliance requirements emerged. With their knack for seeing where the trends are heading, they saw the writing on the wall, or rather, the writing on the information security documentation. Even before there were relevant formal standards and regulations around information security for their sector, Modicum proactively took steps to ensure their own security and their clients’ security by building in-house IT solutions.


“It’s worth an investment to buy a good lock for your front door. It’s worth protecting yourself and your clients’ sensitive data – the risk is too high not to.” 
– Kevin McDonald, Finance Manager, Modicum

Every year, requirements around data security clauses grew, new versions of compliance frameworks were released, and security questionnaires took longer to fill out. They saw it was only a matter of time before requirements in data security started filtering down to contractors and sub-contractors. They recognized that their existing IT infrastructure could soon become a bottleneck.

Given the household name brands Modicum works with, investing in robust security was all the more vital. When you partner with big brands, you have to play by their rules. They are huge targets from both a regulatory and a data protection standpoint. And there’s a lot that needs to be protected.


“Cybersecurity is essential…It’s an investment that needs to be made, and you need to figure out what your risk tolerance is and your client’s risk tolerance. You’re playing a probability game with cybersecurity. There’s a target on your back, and it’s a matter of when, not if. You will have threats – we see them on our dashboard, we get the suspicious phishing attempts, we get the spam attempts.”
– Harry Karamitopoulos, President, Modicum

When you’re a small business, there’s a delicate balancing act between security and budget. While large enterprises can spend millions on in-house security teams with many highly specialized individuals, small businesses are often left behind with the risk of being a prime target. Modicum needed broader, more robust security solutions—and quickly—to meet the needs of their stakeholders before even being asked to meet them. 


The Solution: Auditor Favorite Tools To Alleviate The Complexities of Compliance

As Modicum saw these shifts unfolding, their overarching goals were to 1) Simplify and upgrade their security infrastructure and 2) Invest in more robust security, employee training, and frameworks like SOC 2. They sought out a security solution that would enable them to provide robust answers about their security to prospects and give them increased visibility across teams into potential threats. For Modicum, the cost of a compliance tool, plus hiring a vCISO who had access to a team of experts, greatly outweighed the ROI of hiring an in-house security team.


“You can rely on a single individual, or you can have the benefit of a whole team of deep expertise and process knowledge. It’s a small investment when you’re considering in-house resources versus an entire team available on call at a fractional need – the ROI is really compelling.” 
– Harry Karamitopoulos, President, Modicum

That’s where Rhymetec and Drata came in. Rhymetec’s
vCISO services, in synchronization with Drata’s compliance automation platform, provided Modicum with the perfect balance between security and budget, enabling them to cross the finish line with their SOC 2 audit and fast-tracking them to compliance with important regulations, including GDPR and CCPA. 

Rhymetec’s tailored, hands-on, managed security services combined with Drata’s compliance automation platform worked in tandem to provide the ideal solution for meeting enterprise standards. For companies like Modicum, having robust evidence of your cybersecurity program directly influences many decisions by prospects that can lead to big business outcomes. 

Drata was used as a foundational source of truth throughout their compliance journey, particularly as Modicum came closer to their audit. Modicum chose to work with Drata because they recognized that the best platform is the one that makes everything as easy as possible for the auditors themselves. By centralizing everything in one place where auditors can easily access all relevant information, Drata enabled Modicum to work frictionlessly with auditors. 

Rhymetec acted as an extension of Modicum’s team and took critical steps to enhance the organization’s security posture and fulfill compliance gaps from previous IT efforts. As a fellow small business, Rhymetec was uniquely positioned to understand Modicum’s pain points and accordingly craft custom solutions:


“We like to pick partners where there’s a lot of mutual respect and a shared vision of what needs to happen. Rhymetec and Drata are in that ecosystem. They check all of the boxes, and they get the small business pain points.” 
– Harry Karamitopoulos, President, Modicum


The Results: Headlights On A Dark Road: Tools To Provide Effective Compliance Navigation

Modicum emphasized how much easier it is to get through vendor questionnaires now that they have proof of security like SOC 2 from the streamlined processes powered by Drata. For each new prospect, “...you can either fill out a 14-tab spreadsheet, or you can tell them that you’re SOC 2 Type 2 compliant“. Compliance has been a huge business enabler, enabling them to avoid getting bogged down by intricate security questions that would otherwise take a long time to answer. Plus, the value of protecting the sensitive data of both their own companies and their clients is well worth the investment:


“Especially as you bring in more employees, the human risk factor starts to increase…You need systems and protocols, you need management tools, you need transparency and dashboards and notifications. Not investing in cybersecurity is like driving a car with no signals, no headlights – you’re just going down a dark road. You know you’re going to crash at some point. Wouldn’t it be better if you had some visibility into what’s going on?” 
– Harry Karamitopoulos, President, Modicum

One of the first things Rhymetec did for Modicum was build out a library of
security policies and processes for their organization and utilize Drata’s Policy Center as a centralized location. You’re always busy when running a business, and finding time to pinpoint all security policies and document them is difficult. Rhymetec’s ability to facilitate this process while utilizing Drata was pivotal for Modicum. 

Having these policies and processes already in place has simplified employee training and streamlined transactions with partners, auditors, and clients. Modicum was able to realize time savings and peace of mind from leveraging Drata as a foundational source of truth. Plus, the documented policies and procedures provided a level of visibility into the specific set of risks relevant to their organization that small in-house security teams couldn’t provide. It aided in creating a culture that emphasizes security and transparency.


“That’s the heavy lift. That’s where there’s a huge efficiency from Rhymetec and Drata. Even if you have a real expert on your staff who’s great with IT and security, they don’t have time to document everything. Even though we had great controls in place before we did this journey, it wasn’t documented, and it wasn’t certified. You try to explain that to an auditor…People barely have time to get through their inbox and chats, let alone sit there and write tomes on security procedures.” 
– Harry Karamitopoulos, President, Modicum

Working with Drata’s platform and Rhymetec’s highly experienced team helped fast-track Modicum to cross the finish line for several frameworks, streamlined robust documentation of security policies, and sharpened their overall security posture.