Authored by: PlexTrac Author Posted on: March 29, 2022 Dan DeCloss, PlexTrac: “teams without consistent communication are more prone to a serious breach” Read the Cybernews Interview with Our Founder and CEO The importance of communication among employees and teams is disregarded by some companies. However, it’s crucial to promote it and ensure awareness and efficiency when it comes to an organization’s biggest threats, vulnerabilities, and findings. Read the original story from Cybernews. Without the right cybersecurity tools, it’s nearly impossible to maintain digital security within your organization, and, what’s more, it’s even harder to retrace the roots of the threat. And, considering that it’s a tough case for a single individual, team effort promises much better results. While implementing antivirus software to fight against malware is a step to take for individual users, businesses should consider more complex security solutions, one of them being a teaming platform. To learn about such security measures and their benefits, we reached out to Dan DeCloss, the Founder and CEO of PlexTrac – The Proactive Security Management Platform. How did the idea of PlexTrac come to life? What has the journey been like since your launch? I started building PlexTrac to solve some of the pain points I experienced as a penetration tester and then as a program director. I hated writing reports and hated receiving 300-page documents. It felt like a very inefficient way to deliver and collaborate on some of the highest risks an organization has related to its security posture. So I set out to solve the problem of automating the report writing process with a more collaborative platform for resolving the reported vulnerabilities. I soon saw that the concept I created for my own needs could help the industry as a whole and grow to encompass much more than what I originally envisioned. From there, things have just exploded as PlexTrac gained some awesome early adopters and amazing investors. Building a team of rock stars that have taken PlexTrac far beyond what I could have imagined has been incredible. Can you tell us a little bit about your PlexTrac platform? What issues does it help solve? PlexTrac is a proactive cybersecurity management platform. It is designed to be an end-to-end workflow management solution specific to the needs of the cybersecurity lifecycle. The primary use case was a reporting platform for pentesters to streamline their processes by bringing data together and providing an accessible database for reusable findings with a client portal that could ultimately eliminate the need for static documents. The platform has grown into a solution that supports purple teaming and proactive security assessments, data aggregation and analytics creation, assigning and tracking remediation and communication between internal and external stakeholders. PlexTrac can make nearly any security practitioner or team more effective, efficient, and proactive. We aim to keep everyone focused on the right things daily. We help eliminate the noise and wasted time on tasks that don’t move the needle in security improvement. What technologies do you use to assess one’s cybersecurity posture? PlexTrac allows teams to prioritize, assign, and track remediation tasks to measurably improve and attest to their posture. We integrate data from the most popular security testing tools, including vulnerability scanners, pentest-as-a-service (PTaaS) platforms, breach and attack simulation tools, and provide a robust capability of custom ingestion of data from any form of proactive assessment. From there, PlexTrac provides the mechanism to track the progress of remediating the most critical vulnerabilities which result in real-time analytics that reflect an overview of their progress and posture. Analytics and visualizations allow companies to have better visibility into what their biggest gaps are and how they are trending over time. Do you think the pandemic affected the way people approach cybersecurity? I think that the pandemic has made issues in cybersecurity more visible to the general public. Supply chain attacks, for example, have brought interruptions to the lives of everyone and raised awareness of cybersecurity. For the industry, I would say that the pandemic posed an immediate challenge of supporting and securing a fully remote workforce and dramatic increases to online transactions of all kinds. Companies had to think creatively to manage these challenges with restricted resources. I think that organizations quickly realized the importance of their security measures and adjusted to prioritize them as best they could. In many ways, PlexTrac is filling an essential need at the right moment as it helps teams make the most of their resources, have better visibility into their security posture, and act more proactively and strategically to prioritize remediation – all things that have become essential to securing against the rise of ransomware and other threats that have become more prevalent since the pandemic. What are some of the most serious problems that can arise if one’s cybersecurity team doesn’t have appropriate communication platforms in place? One of the biggest challenges facing the cybersecurity industry, and more specifically cybersecurity teams, is communication silos and the lack of quality collaboration. These silos and a lack of information sharing across the security department lead to inefficiencies in the work being done, a lack of cohesion and unity across the team, and a weaker security posture as a result. Teams without healthy and consistent communication are less mature and more prone to a serious breach. Red and blue teamers have one of the most important relationships on the security team, and they’re two groups that have tended to have a more adversarial relationship without a lot of visibility into the other team’s activities. Changing the communication paradigm to be much more collaborative is essential as everyone needs to be in the know about an organization’s biggest threats, vulnerabilities, and findings, and the work that needs to be done to remediate those threats. In your opinion, why do certain companies still struggle with improving their security posture, despite all the solutions and providers available on the market nowadays? I’d say the biggest issue is information overload and the vast amount of work that must continuously be done. While there are many tools and providers, few solve administrative issues specific to cybersecurity work. Organizations need to be able to understand their environment and the threat landscape and prioritize the most important work. The ongoing talent shortage means even very well-resourced programs will have more work to do than they can ever get done. This can lead to burnout and loss of morale. PlexTrac addresses this very issue by helping teams gain insight into their posture so they can prioritize the most critical issues and track those through to remediation and improve morale by empowering teams to be more effective. What cybersecurity best practices do you think are crucial for every company nowadays? One best practice we see many of the most mature security teams on the planet doing is investing in and moving towards a proactive mindset for security. This includes adopting a practice of continuous assessment in short iterative cycles rather than a once-a-year penetration test, conducting tabletop exercises and other purple teaming activities, developing a habit of consistent testing and communication, and more. This allows them to focus on the biggest gaps and collaborate quickly to improve their security. Talking about average Internet users, what security solutions do you think everyone should implement? The first piece of advice I’d give to every single person on the Internet should be using multi-factor authentication (MFA) on all of their accounts to ensure there’s a backup plan in case someone is able to crack your password from their device. Many platforms require MFA nowadays, but if you haven’t set it up yet that’s a good place to start. Another tip I’d give everyone reading is to maintain good password hygiene by using a password vault like 1Password or LastPass. These vaults let you use different passwords for each account and generate passwords for you that are long, complex, and not easily guessed by bad actors. Password vaults are a great solution for the average Internet user to realistically maintain secure accounts. The last thing I’d say is to NEVER click that link. Any link that you can’t confirm is legitimate, especially in your email or sent to your phone, is one you need to delete and/or report to your company’s security team. In today’s world, there are phishing attempts everywhere, and if the message looks questionable or you’re not sure where it came from, odds are it’s an attempt to steal your information. Would you like to share what’s next for PlexTrac? Starting with the platform, we’re doubling down on what makes the product great and expanding PlexTrac’s functionality for new use cases and features that align with our mission to help security professionals win the right security battles. PlexTrac is also heavily driven by customer feedback and requests, and we use that information to influence our product roadmap. Our goal is truly to mature and evolve the platform to continue to meet the growing needs and maturity of the industry as a whole. And yes, this also means we’re hiring! PlexTrac has been and will continue to invest in bringing top-tier talent across the entire organization and in every department, from Customer Success, Engineering, Marketing, Sales, and everything in between. If you’re reading this and are interested in joining the PlexTrac family, visit plextrac.com/company/careers to see our job openings and apply today. Read more from Cybernews Click here to learn more about Cybernews and their many resources for all things cybersecurity. PlexTrac Author At PlexTrac, we bring together insights from a diverse range of voices. Our blog features contributions from industry experts, ethical hackers, CTOs, influencers, and PlexTrac team members—all sharing valuable perspectives on cybersecurity, pentesting, and risk management.
5 Signs Your Vulnerability Management Program Isn’t Ready for Continuous Threat Exposure Management (CTEM) The buzz around Continuous Threat Exposure Management (CTEM) is everywhere right now, and for good reason. Organizations are realizing that traditional vulnerability management, built around periodic scans and reports, can’t keep up with today’s attack surfaces. READ ARTICLE
From Findings to Fixes: Bridging the Gap Between Pentests and Vulnerability Management Penetration tests are one of the most valuable tools in a security program but also one of the most under-leveraged. Every year, organizations invest in pentests to identify real-world attack paths, validate defenses, and uncover high-impact vulnerabilities. Yet too often, those insights end up trapped in PDF reports, disconnected from the tools and processes that... READ ARTICLE
Master Pentest Reporting: Join the 2025–2026 Penetration Testing Report Writing Bootcamp In July 2025 we kicked off our first Penetration Testing Report Writing Bootcamp at BSIDES Albuquerque after hearing prospects and customers share a common pain point: There just aren’t many opportunities for continuing education in the security reporting space. It’s not that courses on report writing don’t exist, but most are either entry-level refreshers or... READ ARTICLE