Pratum Blog

2019 Prometheus Awards CEO of the Year

The Technology Association of Iowa Announced the Finalist for the 2019 Prometheus Awards

Dave Nelson, CEO at Iowa-based cybersecurity firm Pratum, has been named a finalist for the 2019 Prometheus Awards’ CEO of the Year. The most prestigious recognition for Iowa’s technology industry, The Prometheus Awards presented by LWBJ brings together leaders from technology, business, education and government to celebrate the year’s most momentous innovations.

The winner in each of the 14 award categories will be announced during the Prometheus Awards celebration on Thursday, April 11, 2019, at the Community Choice Credit Union Convention Center in Des Moines.

Here are the 2019 CEO of the Year finalist:

  • Jim Masterson, LightEdge Solutions
  • Ben Milne, Dwolla
  • Dave Nelson, Pratum
  • Hank Norem, Maple Ventures
  • Beth Trejo. Chatterkick

Reserve a table or purchase individual tickets here.

Learn More About Prometheus Awards
Smart Security Video Series with Pratum and The Technology Association of Iowa

Pratum, Iowa-based information security consulting and managed security services firm, today announced its cybersecurity video series partnership with The Technology Association of Iowa (TAI). The monthly series “Smart Security” will consist of 60-90 second videos providing viewers with cybersecurity content delivering actionable takeaways and thought-provoking ideas.

"TAI is excited to partner with Iowa cybersecurity leader, Pratum, to produce a new monthly video series “Smart Security”. TAI members will learn information security insights from Iowa professionals and gain the knowledge needed to protect a company's most valuable asset: its data," said Brian Waller, President of The Technology Association of Iowa.

New cybersecurity videos will be delivered each month through the TAI Newsletter and social media channels. The videos encourage executives to think strategically about cybersecurity and how it impacts their business.

“You can only cover so much in 60 to 90 seconds, but the goal is to get the cybersecurity dialogue started. For those who want more information, each video will be accompanied by supplemental written content with more comprehensive insight,” said Dave Nelson, President and CEO of Pratum.

“Smart Security” will debut January 31, 2019 in TAI’s monthly newsletter. To subscribe to the newsletter, visit

Vendor Management

Vendor Management is receiving a lot of attention due to the increase of outsourced technology services. Vendors can provide great value, but they can also introduce a high level of risk. The 3rd annual “Data Risk in the Third-Party Ecosystem” study released by the Ponemon Institute found that 59 percent of companies surveyed reported a data breach by the action of a vendor.

If you’re part of a large organization that doesn’t have an established vendor management program, your head is probably spinning thinking about all your vendors and how to assess them. Even in smaller companies it can be an overwhelming task. It takes time to mature a vendor management program, so take a deep breath and follow these steps to get started.

1. Identify Your Vendors

Work with each business unit or department to develop a list of their IT vendors. It is also important to get a short description of the type of service being provided. If you are part of a large organization, it is best to start with critical IT vendors.

If you answer YES to any of the following questions about a vendor, add them to the critical list.

  • Does the vendor have access to your organization’s network or systems?
  • Does the vendor have access to your organization’s data?
  • Does the vendor have access to Personal Identifiable Information (PII), Personal Health Information (PHI), etc.?
  • Does the vendor have an impact on the availability of your systems/data or play a critical role in keeping the business running?

2. Prioritize Your Vendors

Once you have identified your vendors and categorized them based on access level, identify the criticality of the service they provide. If their services became unavailable to you, how would that impact your organization? How long could your organization continue doing business without their service? Your vendor’s ability to respond to a crisis or disaster may have a direct effect on your organization’s business continuity efforts. Prioritize your list of vendors to match their importance to your business operations.

3. Create a Schedule and Process

Most organizations don’t have the time or resources to simultaneous audit all their vendors. If necessary, create a schedule to extend the efforts over the course of a year. From your prioritized list, create a timeline that outlines which vendors you are going to audit and when. You may start with only 2-3 vendors a month, and that is okay.

The second part is to create a process and a plan that includes at a minimum the following:

  • Establish the owner of the vendor relationship. This individual is responsible for communicating with the vendor, collecting the information, staying on schedule, etc.
  • Understand the type of information you will be requesting. This could be compliance/security reports (SOC2, HITRUST, ISO, etc.) or your organization may require the vendors to complete a security questionnaire.
  • Create a form to document the assessment and track results. This form can be provided as evidence for the vendor review during a compliance audit.
  • Know where the information will be stored. Designate a central repository for all information pertaining to that vendor. This helps to keep the assessment organized and efficient.

4. Track & Monitor Vendors

You will likely identify at least one vendor that doesn’t adhere to best practices to adequately safeguard your organization. If you decide to continue with their service, make sure they have a remediation plan for the security gap and track their progress to ensure a timely resolution. Vendor management is an ongoing process. Some gaps can take months to resolve, so having a process in place to track them will help immensely.

These steps give you a high-level overview of auditing your vendors. Critical IT vendors should be audited on at least an annual basis to ensure their security is evolving with growing threats. Keep in mind, it takes time to mature a vendor management program. It’s impossible to eliminate all risk from your vendors, but there are ways to manage it.

For help with Vendor Management and Information Security Assessments:

Get our blog posts delivered to your inbox:

The information we track while users are on our websites helps us analyze site traffic, optimize site performance, improve our services, and identify new products and services of interest to our users. To learn more please see our Privacy Policy.