Sicura

Sicura is a security control management (SCM) platform focused on automating compliance and secure configuration enforcement for IT infrastructure. The company originated inside the NSA, where co-founders Lisa Umberger and Kendall Moore developed a framework to streamline the Authority to Operate (ATO) process. What began as an internal solution was later open-sourced and evolved into a commercial platform serving federal government agencies and Fortune 500 enterprises. Sicura's platform enables organizations to continuously monitor configurations, detect deviations in real time, and maintain compliance across their entire infrastructure. Key capabilities include automated security hardening, compliance enforcement, and end-to-end visibility into the compliance state of IT systems. The platform supports multi-tenant environments, making it applicable for managed service providers serving federal customers. The company targets organizations with complex compliance requirements, including U.S. government agencies (such as the U.S. Army's DEVCOM C5ISR), large financial institutions, and technology service providers like IBM Managed Services. Sicura positions its tooling as a bridge between security and engineering teams, addressing the operational friction typically associated with compliance processes—such as manual scan result reviews and fragile configuration workarounds. The company reports reducing compliance timelines from 12 months to approximately 2 months for some customers. The founding team and staff include veterans from the U.S. Intelligence Community, Fortune 500 companies, and security and automation disciplines.