Legal technology veteran Eliza Hedegaard is to join Saepio Information Security from Mimecast, we can reveal, reprising the role of account director at the UK-founded managed services, advisory and technology implementation company.
Hedegaard starts in the new role at the start of October and will be focused on building Saepio’s presence across the law firm market. She will be helping firms to build a holistic risk management and security strategy, based on Saepio’s three-tier ‘policy, people and product’ approach to information security. Within the public domain, Saepio counts UK top 150 law firm Wright Hassall among its law firm customers and global accountancy firm BDO within its professional services customers.
Speaking to Legal IT Insider about the new role, Hedegaard, who has worked at Mimecast for over 15 years, said: “I’ve always tried to help customers with their risks and business challenges, but until now I’ve only really been able to help with email. Most of the larger firms don’t need help with cyber and information security strategy but could still benefit from help navigating the tooling and services markets. In smaller firms, however, I think there’s much more a need for a trusted partner to help guide strategy and augment their IT efforts with the right security resource. At Saepio, I’ll be well placed to take a comprehensive view and advise on how to address those risks.”
Saepio encourages its customers to take a holistic ‘end-to-end’ approach to security based on an understanding of their baseline requirements, and Hedegaard said: “One thing that’s become very apparent over the years is every firm is different in what they’re trying to achieve with security. They also have different reasons for doing things, often driven by client requirements or meeting regulatory requirements. Understanding acceptable risk is something Saepio do well, making sure that efforts match what firms are being asked to do. Understanding their baseline, what their desired maturity is and then augmenting firms’ efforts to achieve that desired state. Saepio recognises that every client needs help in different ways, but always consider implications across people, technology, and process in recommendations, which was important for me.”
Around 85% of Saepio’s customers work with the company in this end-to-end way and many leverage Saepio’s virtual CISO (vCISO) model, where CISOs are hired on a retainer basis. The 2016-founded company has 650-plus UK private companies on its books and around 55 law firms, where the average size is currently around the 250-employee mark. Hedegaard’s son Joseph Hedegaard-Ganly is a solutions architect at the company, which is led by co-founders Robert Pooley and Andrew Pitt.
Hedegaard is one of the best-known names in the legal IT sector and has built up Mimecast’s customer base to include all of the UK top 50 law firms. In terms of leaving the company she told Legal IT Insider: “Making the decision to leave was incredibly difficult as you can imagine. Mimecast has been a significant and joyful part of my life. My children were small when I started there and are grown up now. I was employee number 19 and have been part of Mimecast’s massive growth, along the way working with some incredible customers. I even had the privilege of being at the IPO in New York when the bell was rung on the NASDAQ. But joining Saepio will give me the opportunity to expand on what I’ve done for the past 15 years at Mimecast with email. It’s an opportunity to talk to firms and understand holistically where their security gaps are, and to help them plug those gaps.”
Hedegaard says that Saepio’s ethos very much accords with hers, commenting: “Saepio has structured themselves so that account directors are incentivised on retention and client satisfaction. The priority is keeping customers happy and really understanding their requirements, rather than selling loads of stuff up front. That is how I’ve always worked. Looking after my customers has always been my number one priority.”
Saepio works with a fairly lean portfolio of recommended vendors across 18 key security areas with a maximum of two vendors in each area. Hedegaard said: “Something that was a major draw for me was Saepio’s approach to their vendor portfolio. Representing a small number of carefully selected vendors means that they can help customers properly install and operationalise those tools. Like most technologies, including Mimecast, it’s not just the tool that’s important, but how well deployed and tuned it is. For me, that was really important and is an approach that more mature firms are finding valuable instead of several vendor parades per project. It was of course important to me that the portfolio includes Mimecast, which gives me the ability to keep a relationship with both Mimecast and the customer base that I built there.”