158: Focus on Growth, Security, and Brand with Tracy Gregorio

Tracy Gregorio is the Chief Executive Officer of G2 Ops, Inc – an engineering firm providing clients with cost-effective, model-based cybersecurity solutions tailored to deliver capability against the emergent threats of information warfare. We discuss the evolution of cybersecurity, how to evolve your business into a product company, and the three most important priorities in every business.


Listen to the podcast here


Focus on Growth, Security, and Brand with Tracy Gregorio

Our guest is Tracy Gregorio, the CEO of G2Ops Inc, a fast-growing cybersecurity company that helps companies stay ahead of cybercrime and IT threats by identifying and measuring weaknesses before incidents occur, then providing remediation priorities based on individual business and financial risk thresholds. Tracy, welcome to the show. 

Thank you, Steve. Great to be here. 

Well, you’re not far from me. You know, I’m in Richmond, Virginia. You’re down in the Virginia Beach Hampton Roads area, so I rarely get guests who are close to me. Maybe I should have done this in person, but now we are doing it virtually. So tell me, Tracy, a little bit about the entrepreneurial journey that you have had, your path to running an Inc. 5000 company. How did that happen?

Oh, thanks, Steve. Great to be here today. Yeah, it’s been a great career that I’ve had and, you know, I took an early interest in computers, you know, that great high school teacher introduced me to computer programming. And then my dad also had, he kind of had saw that it was going to be a need and that technology was going to be leading a lot about database management. And, you know, as I reflect back on my career, I really I like solving problems, managing projects, said yes a lot to your managers, you know, “Who wants to leave this or solve that?”

And I think I just got to learn a lot about business throughout my career. You know, when you manage people, you learn about human resources, budgeting, management. And that all, you know, helps you when you do want to launch a business. I think just saying yes and learn how to maximum resources, so I always treated employer’s budget or whatever they asked me to manage as kind of my own, which is what entrepreneurs do. You know, how can I maximize this and, you know, this investment, no matter who’s making it.

That’s right. So. But that doesn’t necessarily mean that you’re going to run a company. 


So how did that happen? 

Right. This is our 10th year for G2Ops. And my husband actually wanted to do something together. And he saw a need, model-based system engineering, which I know we’ll talk about soon, is a methodology in system engineering. When things are built, what are the requirements you’re trying to meet? How do you design them? How do you test them? How do you bring in, you know, new capability? That’s our focus, and a lot of big companies do that very well. You know, banks, you know, Amazon, you know, they manage all their resources globally and understand what they have, but the Department of Defense and the Navy, you know, sometimes they’re a little bit behind using technology.

And we just saw a gap and we said ”We’re going to go after that niche in system engineering and understanding requirements and how things are affected from a cybersecurity standpoint.”So that was what that’s “We went in with that, you know, made an investment ourselves to launch the company. And anyway, it’s just been doing good work has led us to where we are. So, yeah, it was a risk. You know, it could have gone a lot of different ways, but you put time in it and effort. And anyway, it’s a good experience, been a good experience, always learning, though.

Well, you make it look easy to the outsider, but I’m sure it wasn’t like that. So let’s talk about the framework that you have developed and built G2Ops around. So what is this mental model that you have kind of discovered or developed that allows you to grow your business and make it more powerful?

I think what I’ve learned over time is, you know, your team, your employees, you know, your vendors, anyone you work with, they like structure, and they like to understand your priorities. So we came up with three things, growth, security, and brand. And we wanna talk about those, we talk about them regularly. If I’m presenting it on all hands for the company, I’m talking about growth, security, brand. When our managers report up to us every week, let’s say, and report growth, security, brand. And so that’s kind of been our framework to how we write bounds around what we’re doing and try to move the company forward.

So why are those the priorities? I’m sorry to interrupt, but why are those three the priorities? Why are those three the most important in your mind?

Right. And you know, it’s funny because you said I make it sound easy. It is hard running a business. As you know, you always get hit with things unexpectedly. Like right now we’re going through an audit, you know, we’re a defense contractor, the government looks at everything, they’re going through 2021, it’s just hard, you know, always, you know, I’m trying to focus on the future, but then I got to look back, you know, what should be the three priorities. But growth is about increasing revenue, having new projects for employees to work on.

Growth is about increasing revenue, having new projects for employees to work on. Click To Tweet

You know, they want to work on their career, you know, what’s going to challenge them, you know, give them different, you know, opportunities. And then when you focus on growth, it’s innovation, you know, how are we going to do things differently? Growth is also retaining these employees that we have. I can’t grow. We don’t have have that employee base. And then growth, you know, it’s good for the economy. You know, we’re in three different cities. Our offices, San Diego, Arlington and Virginia Beach. You know, so we make relationships with, you know, economic development officers.

How can they help us fuel growth? So growth covers a lot of things, and it brings energy to your company. We focus on the Navy. We’ve expanded to the Air Force now. Now we’re looking at Space Force, and it excites our employee base too to see that. So it’s not just growth for gross sake, it’s just healthy. And then on the security side, you initially think, “Oh, I got to protect my customer data, my assets.” We initially think physical security, cybersecurity, but it’s also security of your cash flow, right? So we are very rigorous on these processes. How do we do invoicing? What day does it have to go out? And following those processes.

For onboarding new employees, what’s everything that has to be accomplished so we don’t miss something? So we’re very process driven. We kind of system engineer, not just for our customers, but our own company. And that gives you security in many ways. So the theme this year, and it came from a book I was reading was routine set to fray. So you can focus on other things. So security is, you know, of course, physical and protecting our customer data, but then also the security of our company and the future of it. And then the brand, when we first started, it was like, let’s think like a Fortune 500.” We hear about those companies all the time. We respect them.

They invest a lot in their brands and it’s how they talk about themselves, present themselves, but it’s also, you hope, the quality they’re delivering to their customers. You know, when you think about the customer service of some of these companies. So we said, we want to differentiate from our competitors. We’re small company, but let’s not act like one and let’s not use it as an excuse, “Oh we’re small. Sorry, we made that mistake.” Our goal is to have a higher perceived value and really attract very, very good talent, you know, a players because they like working around other great people. So smart people working around other top talent, you know, keeps them at the top of their game too. So that’s how we came up with those three little words, you know, gross security brand and it encompasses quite a few things, but it’s helped us with our roadmap.

Smart people working around other top talent keeps them at the top of their game too. Click To Tweet

Yeah, I love it. You’re talking my language of the Fortune 500, the visioning, setting this higher standard. I was watching this Netflix series on Spotify recently, and it was amazing that they built Spotify by hiring the best people, which meant they went out and they out-offered those people, even though they had nothing, but they just wanted the best engineers, they wanted the best PR person, the best lawyer, the best artist, so that they know that if they get the best people together, they’re going to figure it out. They’re not rest until they are going to be, make the company the best as well. So I love that philosophy. So, I was reading your website and, I was really struck by this idea of talking about products. So most cybersecurity companies, they are service-oriented.


They think about it’s all about maybe being a system integrator, bringing all those things together and especially when you serve the military, the Navy, big defense contractors, you want to play it safe. And the tendency would be to go after those already proven outside products and bring them on. But your strategy seems to be that you have your own products, you’re developing your own products. So tell me a little bit about what inspired your team to develop your own products and what is your strategy there?

So yeah, you fall into it. Then you’re like, wow, I’ve got something here that other people may find useful. So we use model-based system engineering as a methodology. It’s an application. It’s tools. It’s big databases. But a lot of the tools we use have, you know, APIs that allow us to, you know, add capability to them. And then, so when we’re doing the system engineering work, how can I bring information in from my customers in a better way? I may create capability for one customer. Oh, how can I use it across my other growing customer base? One, to drive down costs for them, but to improve our capabilities.

We hire a lot of engineers electrical mechanical system, but then there’s a whole software component to To make things run a little faster And you know we collect a lot of data because we manage complex systems And how they’re integrated you know hardware software cables you know how they’re how they’re integrated together and we’re like “Wow what can we do with all this data?” It’s pushed us to develop products and the government has a small business innovation research program. It’s a congressional budget and how can we invest in these small companies to develop some products using. So it’s data we’re collecting from our customer like, “Wow, we can take that data and then help them even look into and visualize their cyber risk across these systems.” And, or one of our newer projects is how come they build resiliency, cyber resiliency into the product.

So we’ve created these tools and they’re very, you know, they’re in use, they’re for a particular customer. You know, we had no, we didn’t know we were gonna be a product company. And, you know, now Steve, we’re kind of at a crossroads. Are we going to, you know, productize, commercialize, who else could use them? I mean, that would be an investment by us You know, is it a platform as a service software as a service so we’re really going through that Review and research right now internally so but but products You know, they brought energy gives us something else to talk about to other potential customers, you know, “Oh we have these additional capabilities that come with G2Ops, you know, when you use us.”

I love what you’re saying. I’m making a lot of notes, which maybe I’m not supposed to on a live podcast, but I can’t resist. I love this idea of turning yourself into a product company, then turning your products into a platform, and then you’re selling the platform as a service. One of the great examples, Adobe, who started out with the Photoshop and some simple things, and then they kept adding things, and then they turned it into a subscription platform. And now a multi-billion company, and essentially for graphic artists, they are indispensable. So how do you make that? That is fantastic. So one thing that you mentioned here is this idea of collecting data and building cyber resiliency into businesses. And I was reading your website and you talk about the digital twinning. And I mean, I looked around a little bit to understand a bit more, but I’m still not there. Can you explain what digital twinning means and how does it help companies create this cyber resilience?

Ok. Yeah. And you’ll see a lot of different definitions of it. I have. I’ll give you what we’re doing. And so a lot of times customers, when you think about, I’ll just use a submarine for example, okay, because we’re, you know, that’s, we support the fleet there. You know, a submarine is a puzzle and the components of the submarine are built by companies all across the United States. Hopefully not too many outside, but anyway, and then, you know, like Electric Boat or Newport News Shipbuilding, they’re the ones, you know, pulling it together and, you know, putting this puzzle together.

Well, some of our customers oversee some of the complex systems, all right, within, all right, like navigation or communication, all right, or sonar. And these are complex systems that have been developed in a silo, all right, say by the big companies Raytheon, Lockheed Martin, you know, and you know, how are they coming together? All right, you know, data has to be shared between these systems. All right. And we build what’s called a digital twin, all right, of the hardware, software, interfaces, the cables, okay? Everything. So the twin exists in a database. So here’s what I’m building or here’s what is on my ship today. All right. So it’s a digital twin of it. All right. Living in a database, secure database. And then if I make a change, upgrade, all right, or replacement, or what, how does it impact me from a cyber posture standpoint?

So it’s kind of a simulation?

Yeah, and it’s different. It’s not 3D, digital twin, okay? It’s really showing, you know, how they’re connected, all right? So how we talk to each other. What are the requirements for this for one system to talk to another? What are the requirements? How is that met? It’s met by this software or I’ve got to use this type of communication mechanism. So we help manage all that complexity and allow them to do anything about it. All right, because the ship’s got to get underway or we need it or it’s deployed. But it gives them information about about the cyber posture. That’s just a very simple example. So we don’t we’re not actually touching the equipment. We’re not on the ship. All right, but we are creating a digital twin.

Is it about modeling the relationships and thinking about and visualizing it?


Or is there maybe a way to test these things as well?

Exactly. And our customers use that model, that digital twin, for different reasons. Some it’s all about cyber. Some it’s configuration management. Some it’s reliability planning. So, and that’s what, you know, our company, we can do it. Once you’ve made that investment, what else can you do with that data? So, we try to bring that to them. So, we talk cyber heavy on our website because that’s the number one thing, but there are other capabilities, you know, once you’ve made that investment and created that digital twin. And then you have to maintain the digital twin.

It’s very interesting. It’s, I mean, it’s very necessary, it sounds like. You’ve got these nuclear submarines out there and there’s so many systems on it. And if you don’t have a way to always visualize and test and kind of stress test your assumptions and what’s happening there, then you are exposed to risk and it’s really hard to correct. So you can’t afford to just go out and fix the submarine. They are out wherever in Asia and you can’t get to them. So they have to be foolproof basically, which is very hard. So I’d like to switch gears here a little bit and I’d like to ask you about your strategic partnering. So you are partnering with leading companies like Lockheed, AT&T, Oracle and you talked about this framework of the growth security brand applying to those partnerships as well. So how does that apply and how do you help your partners with these three things, growth, security, and brand?

So yeah, we, you know, first of all, you have to meet them, meet these companies. So it takes a lot of networking, you know, or you may hire someone who had worked there before, you have to get introductions. And, you know, tens of thousands of employees yet they’ll want G2Ops to do this one small project for them and and we’re thrilled and what we do, “Let’s do it well, let’s deliver it on time, on schedule, you know, on or under budget, and, you know, just build up our credibility with them.” And they come back to you time and time again for niche projects. And, you know, that’s kind of where we’ve honed in reliable.

And I tell even our back office, it’s not just our project execution or deliverables, but every interaction with them has to be, we don’t want to be a pain, you know, to work with. “All of their invoices are always wrong” or “They make other mistakes.” So, we try to, no matter who we’re interfacing at those companies, you know, try to deliver high quality so that we’re easy to work with and everything. So, and they like working with small businesses because sometimes they can get stuff done quicker Or they may not have an expertise or they can’t take people off other projects and so anyway, just AT&T was one we added, you know a couple years ago we speak at conferences.

I try to get our team out and someone will hear you you know at a conference and then call and want to meet. They require a lot of face to face and meeting and vetting because it’s their reputation too. But it’s just worked out well for us. So a lot of our work, we have our own prime contracts that we’ve won, you know, projects, you know, with the government, but then we also do a lot of subcontracting work for the bigs. We call them the bigs. And you learn a lot from them, too. What can we take away? What can we learn from them? They come for us for one thing, but what are they doing well that we can learn from? So it’s been very beneficial to us.

Well, that’s the beauty of the consulting business, that you’re always learning, and you get paid engagement to the customer, and you discover something and you can productize it and then you can sell it to another customer. So the more I think about this, three ideas, the growth security, the more I like it, because basically the growth is necessary. So we need to grow. We need to attract great people. Right. We need to become, be thought leaders. The security, we have to protect the downside.

So it’s OK to grow, but growth is risky. So we have to be mindful of the downside, make sure that we are hedging our risks. And then the brand. So that’s a big picture, the vision, you know, how are you going to be that company that what is your perspective, where you can grow to and what you can become. I love it. It’s fantastic. So, Tracy, tell me if listeners would like to learn more about G2Ops, Inc., about what you do, your guys’ work, where they can hear you, maybe conferences, your thought leadership. What can they do? Where can they go and how can they connect with you?

Okay. Yeah, we, of course, have a website, g2-ops.com. But we do spend a lot of time on LinkedIn. So G2Ops or my own, Tracy Gregorio. But that’s where we would post speaking, upcoming speaking engagements, what’s going on, you know, interesting things about who we’re working with. So those are the best two channels. We’re, of course, on Twitter and everything. But that’s where we, you know, promote most things. 

LinkedIn is the place. So go and check out Tracy Gregorio, the CEO of G2 Ops Inc. If you’d like to learn more about how they can help you with growth, security, and building your brand, and essentially system engineer your company so that it is going to go faster reliably and go to g2-ops.com or LinkedIn, Tracy Gregorio, you can check Tracy there and follow the company on LinkedIn as well, which you can do now. So then you will see all the speaking engagements. Fantastic, Tracy, really enjoyed having you on the show and I wish you continued success with growing into that Fortune 500 where you’re going.

Thank you, Steve. It’s a pleasure and best of luck to you too, and thank you for what you do. Thank you. 


Important Links:

This entry was posted in . Bookmark the permalink.