The Shadowserver Foundation perseveres toward internet security goals
Despite tragedy and accounting issues, nonprofit rebounds to thrive
CASE STUDY
Internet security has never been more important, as we spend more time online conducting transactions and communicating from a variety of connected devices. As the days go by, more of our personal information and business intellectual property is transmitted online, and hackers and thieves attempt to access that data for a host of nefarious reasons.
International, state and, in the future, potentially federal data security and privacy measures are frequently developed, enacted and amended in an attempt to keep sensitive information from falling into the wrong hands. However, criminals are unrelenting, and their tactics are also typically more advanced than most protective measures.
In a scenario in which the bad guys seemingly outnumber the good guys, The Shadowserver Foundation is a leading force to make the internet more secure for everyone. Founded in 2004, Shadowserver is a nonprofit organization consisting of leading security experts, researchers and engineers that actively investigate malicious internet activity and collect information about misconfigured, potentially compromised or infected computer systems globally. It reports abuse data each day for free to any network owner.
While Shadowserver was founded in the United States, its important work has expanded overseas. The organization was also registered in the Netherlands in 2014, has a location in the United Kingdom and maintains a global infrastructure spanning 80 countries.
The organization works directly with national governments, network providers, enterprises, financial and academic institutions, law enforcement agencies, and others to detail any discovered internet security vulnerabilities as well as any malicious activity so they can be remediated.
The goal of making the internet secure for everyone is daunting, but the amount of work Shadowserver performs toward its mission is staggering. For example, the foundation scans 4 billion internet addresses 45 times per day and ingests and analyzes 713,000 unique new malware samples daily, with 1.3 billion samples in its malware repository.
Unfortunately, similar to many middle market organizations, Shadowserver operates with a limited number of internal staff. A few years ago, multiple significant events occurred simultaneously to threaten the sustainability of the organization.
Accounting missteps and tragedy take a toll on Shadowserver
From its inception, the foundation conducted its bookkeeping and recordkeeping within QuickBooks and multiple spreadsheets. It also worked with outside accountants to help the organization prepare taxes and manage nonprofit guidelines. However, the day-to-day operations were heavily reliant on one person, Shadowserver’s director, Richard Perlotto.
“Everything was manual—everything was relying on me,” commented Perlotto. “If we had to do invoices or anything with the finances outside of taxes, it was 100% reliant on me.”
Some issues started to emerge with the foundation’s accountants. They made changes without properly communicating what they had done, and tax considerations such as deductions were irregular and inconsistent when they should have been standardized.
At the same time, Perlotto suffered a tragic death in the family, and understandably stepped away from the organization to focus on his family. However, with so much of the business operations dependent on Perlotto, Shadowserver found itself in a situation where nobody was running the organization and following up with the accounting firm in his absence.
By the time Perlotto returned to the organization, the number of accounting issues and inaccuracies had caught up to Shadowserver, with books and records that were lacking in several areas. With the accountant not performing as intended, the organization was not up to date from a federal and state tax filing standpoint, and the federal government consequently revoked Shadowserver’s 501(c)(3) nonprofit status.
Perlotto quickly determined that he needed a business partner to help get the organization’s financials back in order and chart a course for success in the future.
“I wanted someone that I could have a permanent relationship with,” said Perlotto. “We will probably never have internal finance people, so we needed someone with the history and the expertise to meet our complexities, being three nonprofits, not a single nonprofit.”
Catching up and building a brighter future
Shadowserver chose to work with RSM US LLP to revise financial statements and refile its tax returns for 2015–2018, work to regain its nonprofit status, and perhaps most importantly, implement a back-office structure that wasn’t reliant on a single person and could persist beyond a potential catastrophic event.
“I interviewed several companies—small corporations and the large corporations,” said Perlotto. “RSM scratched several of the itches that I had right away. They were able to bring in several 501(c)(3) experts right away, and they had a variety of experts from within the organization that they were able to bring into the equation quickly to answer my questions.”
Shadowserver and RSM worked together for nearly a year performing the accounting cleanup, developing a very close, friendly relationship. That process represented a tremendous amount of work, with a typical week consisting of three meetings and roughly a dozen emails exchanged to scrutinize how items were accounted for.
“The process of fixing the accounting and going through the taxes proved the point of what I was looking for,” commented Perlotto. “I wanted an organization that could bring in people as necessary—experts that could deal with the exact problems that I was having. This was not a new thing for RSM, and that gave me confidence moving forward.”
RSM’s tax team filed the new tax returns and communicated with the IRS to restore Shadowserver’s nonprofit status. In addition, the finance and accounting outsourcing group began work on establishing a new, consistent back-office framework to help the organization optimize critical financial processes.
Shadowserver took a major step forward with the FAO platform, gaining automation capabilities within several key functions, including transaction processing, financial reporting, month-end close, and financial planning and analysis. By replacing the previous manual financial processes with scalable technology solutions, Shadowserver has gained more consistency and real-time insight it never had in the past.
The new technology framework is able to better manage the complexity of how Shadowserver’s financials must be prepared, due to its international sister corporations. The U.S.-based organization provides a significant amount of support for those entities abroad, so the accounting and reporting must be presented in a different way, which is much more easily captured within the automated approach than in the previous manual structure.
“I have gone from one person to a team,” said Perlotto. “Every time there was a question about something, RSM had an appropriately skilled person to answer those questions. While this was going on, RSM was educating me. I have run very large departments in the past, but how you run a department is vastly different than the things you need to consider for an entire corporation, and more specifically a nonprofit.”
“Most companies should probably consider outsourcing earlier than we did. I wish I had brought RSM in five or six years ago, but we were not mature enough in our organizational stance to consider that. It took a catastrophic failure to understand that we needed to change the model, but now we are certainly back on the right track.”
Richard Perlotto, Director, Shadowserver
Continued change on the horizon
As Shadowserver has brought its taxes and finances current, including a retroactive reinstatement of its 501(c)(3) status, and implemented a more proactive technology solution to manage the financial function, it is also undergoing a fundamental shift in organizational operations.
Perlotto had a long, successful career with Cisco Systems, and for many years, Shadowserver was a project within that company. Cisco was the largest U.S. sponsor and primary financial supporter for the organization, but Perlotto maintained control over the mission and executed any necessary processes. The vision for Shadowserver has always been to become a truly independent, self-sustaining international nonprofit organization, but Cisco accelerated that process by surprisingly deciding to discontinue funding in 2019.
The shift in structure—from a black box governance approach to a community model—actually may have come at an opportune time, as the way people think about internet security has also evolved over time. When Shadowserver was first established, the organization presented an operational model that not everybody agreed with, but through hard work and perseverance, the framework became the standard for the security community.
However, the vision for internet security is currently more focused in the industry, amid an environment of persistent, volatile threats. With the change in strategy and more involvement in decision-making, Shadowserver is better positioned to combat bad actors and encourage a safer internet experience. With an outsourced finance department, an expanded board and community-driven paths of communication, the organization can continue moving forward with a shared mission without being dependent on any one person.
The fundraising model is certainly a new process for Shadowserver, but it has been a successful transition thus far following recent significant contributions from tech powers such as Avast, Trend Micro, Mastercard and The Internet Society (ISOC). In fact, in its first year as an independent organization, Shadowserver reached its annual funding goal within six months.
While the organization now has to work much harder for funding, the timing for bringing organizational finances up to date and automating the finance function was impeccable. As support for Shadowserver has changed dramatically, the foundation is able to quickly and accurately answer financial questions from new constituents, new investors or contributors to the business.
“Organizations really need to evaluate their finance needs on a quarterly and annual basis,” commented Perlotto.
With a stronger financial foundation in place, Shadowserver continues to look ahead and implement proactive goals to provide timely internet security reporting and malicious activity investigation. By driving change, fostering collaboration and contributing to a culture that delivers greater services and capabilities, Shadowserver continues to be the standard for uncovering emerging threats, working altruistically behind the scenes to make the internet more secure for everyone.