A Call to Redefine Incident Response Billy Gouveia on Recovery and Resilience

It’s hard to overstate how devastating ransomware can be. Just ask Billy Gouveia, CEO and Founder of Surefire Cyber.  

“We worked with a cancer clinic that got hit with ransomware on a Friday and had to figure out how to support patient treatments scheduled for Monday,” Gouveia recalls. “Ransomware events like that one and others that impacted hospitals throughout the pandemic will stay with me for a long time.” 

Ransomware brings financial costs from ransom payments and business disruptions along with human costs which are harder to measure. After an incident, employees have lower morale and more turnover. Customers suffer as well, especially when organizations provide critical goods and services.  

To Gouveia, the psychology of humans in crisis is one of the most important yet overlooked aspects of a cyber incident. “Think about the stress from having to work night after night, weekend after weekend for weeks or months,” Gouveia says. “Think about the guilt or shame if you were the one that clicked on a bad link which brought your organization down.”  

Gouveia’s empathetic, hands-on approach is based on a philosophy cultivated over a 25-year career across public and private sectors.  

After completing an undergraduate degree from Columbia University, Gouveia joined the U.S. Army as an intelligence officer. A young platoon leader tasked with managing a team, he quickly found that technical expertise only got him so far. Just as critical was managing his team’s confidence and supporting them through stressful situations while staying mission-aligned. “The military taught me the value of planning, preparation, and how to make sound decisions and communicate clearly,” Gouveia says.

Following his Army service, Gouveia spent several years working in the national security community where he started to notice a trend. Many of the security issues he faced couldn’t be solved by governmental agencies alone: they required innovation, insight, and support from the private sector: collaboration greatly improved and accelerated outcomes. Realizing he didn’t fully understand the nuances at play, Gouveia transitioned to enterprise risk consulting to fill in the gaps. He was immediately struck by the rising influence of cybersecurity. “The one dot on the enterprise risk map that kept going up and to the right was cyber,” he says. 

Gouveia charted a course to develop his expertise in the burgeoning cybersecurity space. “That ended up being a great decision,” he says. “I began to understand the baseline fundamentals and how different organizations thought about the risks to their data.” Gouveia refined his ability to translate the impact of cyber risks to executives and company leaders. All the while, his focus on team and mission propelled him to prominence in the enterprise risk consulting space.  

In 2017, Gouveia was ready to try his hand in company building. He joined cloud and DevOps company Zanaris as a COO where he gained valuable startup operations experience. While at Zanaris, he spun out and co-founded data security startup jumbbit. 

jumbbit innovated a blockchain-powered platform to protect sensitive corporate data from ransomware and insider threats. It was an exciting idea with promising technology backed by a dedicated team. But Gouveia quickly learned how difficult it is to grow a company. “It’s not enough to have a great idea and a great team. That’s table stakes. You also need the right market vision and support to help you grow,” he reflects. After several years, Gouveia was ready to return to enterprise consulting, this time in a senior management position with consulting firm S-RM where he led cybersecurity intelligence, resilience, and response programs for clients.  

In 2021, Gouveia was ready to build again. He found himself constantly thinking about the cyber threat that had occupied his mind for years- ransomware. “It’s the perfect crime: easy to commit, hard to get caught, and immensely lucrative,” he says. Gouveia knew that as companies became reliant upon technology faster than they could secure it, cybercriminals would take advantage of the gaps. Data, the lifeblood of the modern organization, was a prime target. Ransomware was a prime attack method. He had seen the pattern play out time and time again in his years sharpening his incident response skillset as a consultant.  

But the way incident response consulting was structured didn’t make sense to Gouveia. IR professionals were spending too much time manually analyzing incidents for their customers. “When you build a business on a time and materials basis, you’re conditioned to make money by the hour through a services model supporting that,” he says. “You can become disincentivized to leverage technological efficiencies.”

Gouveia saw an opportunity to change the model and redefine the roles of technology and human expertise. “I wanted to automate a large part of the workflows and leverage new technologies to deliver better response and forensic outcomes,” he says. With more technology and automation, IR experts could spend the bulk of their time guiding clients through emergent information and managing challenges. The team’s role would shift to that of a strategic partner. 

Gouveia took on an Entrepreneur in Residence (EIR) role at Forgepoint Capital in 2021 to refine his thesis. The position gave him access to a venture capital firm’s resources, network, and guidance- valuable assets for a company builder. He began to assemble the team, technology, and market strategy that could bring his vision to life. 

Surefire Cyber soon attracted experts in incident response and data forensics alongside operations, marketing, and client engagement leaders. The newly formed team began to refine their capabilities to negotiate ransoms, restore data, and ensure client resiliency with systems and tools leveraging automation. Gouveia’s vision of a tech-enabled team of experts came to life. “We didn’t automate incident response in full,” he clarifies. “We used automation to empower our team with tools that gave them better, faster outcomes.” With a suite of automated capabilities, the Surefire Cyber team could focus on showing up with empathy, taking stress out of the equation to help their clients make good decisions in a crisis.  

Surefire Cyber’s business model didn’t focus on directly selling services to Chief Information Security Officers (CISOs) or companies. Instead, the company partnered with cyber insurance carriers as an approved response vendor and worked with law firms to support clients activating cyber insurance claims.  

Gouveia and his team officially launched Surefire Cyber in 2022. The company’s hands-on approach quickly caught on with clients. Surefire Cyber completed over 150 cases by the end of 2022 and by 2023 boasted a 100% customer satisfaction score, receiving a Cyber Newcomer of the Year award nomination. Surefire Cyber had arrived on the scene. 

Today, Surefire Cyber is nearly two years into its journey and has worked with nearly 1,000 organizations to help them through cyber incidents. The company’s mission-focused philosophy and team culture continues to be a defining feature.  

Surefire Cyber continues to emphasize long-term cybersecurity investments to help companies recover from incidents, lower risk, and enhance their future response capabilities. Surefire Cyber shares incident data with its partners, provides insights on attack typologies and response behaviors with clients through its cyber advisors group, and conducts readiness assessments, and post-incident workshops for complex enterprises.  

After hundreds of client engagements, Gouveia notes that strong responses tend to share common traits: clear plans, skilled teams, supportive leaders, and resilience. Conversely, poor communication, escalating tensions, and reactive decisions can make a bad situation worse. “Companies have to invest in culture, leadership, and security capabilities to lower risk. But they also need to learn to take a punch and keep going,” Gouveia says. It can be a long and challenging journey.  

“Here’s what I tell clients when I first meet them under difficult circumstances: it’s going to take weeks, not days, to get through this,” Gouveia says. “Negotiation, payment, decryption, and restoration all take time. An adrenaline-charged all-out approach is a recipe for burnout.”  

Much like the winding path to resiliency, Gouveia thinks about Surefire Cyber’s growth over a long time horizon. One of the challenges Surefire Cyber now faces is scaling up while maintaining high touch, high quality client relationships. There’s a fine balance between over-automating and under-automating with a lot on the line. Tip too far in either direction and the company’s value proposition becomes diluted.  

Gouveia wants Surefire Cyber’s role to remain balanced and human centric. “I think of our team like a group of emergency room doctors,” he says. “It’s not just about providing very specialized care with the right patient outcomes- it’s also about creating the right patient experience to reduce their stress and build their confidence that you’re going to help them through everything.” 

Sustainable growth also means remaining focused on supporting Surefire Cyber’s expert practitioners. Incident response work can take a toll. “I always think about how hard our team needs to work to support our clients through crisis situations,” Gouveia says. “Everyone on the team makes an important impact- I want to make sure we stay centered on that. There’s a very human dimension to what we do.”  

To that end, Gouveia promotes a healthy balance in the organization and tries to practice what he preaches by taking time each morning to pray, work out, and take his kids to school. It’s all part of a strategy to avoid burnout and take a long-term approach to helping as many clients as possible. 

As he thinks back to the cancer clinic Surefire Cyber worked with, Gouveia’s pride in his team’s impact is evident. “Without being asked, my team worked nonstop through the weekend so that on Monday morning, cancer patients received treatment as if there had never been a network outage,” he recalls. “It was worth founding Surefire Cyber to create that outcome alone.” 

In the face of every new challenge, the north star for Surefire Cyber is the path that Gouveia has followed since joining the Army. “I always remind myself to keep the mission clear and do everything I can to take care of the people who invested in working with me,” he says. “It’s about staying humble, hungry, and focused on the mission.”