Crises Contained

.

Context: symplr’s flagship Time and Attendance system wasn’t just best in KLAS—it was also on-premise. That meant customers had to install updates themselves, making it harder to react quickly in emergencies.

This was absolutely an emergency.

One of our largest customers had proactively hired a third-party security firm to penetration test their IT ecosystem. The firm uncovered a level 7 vulnerability in our system—classified as critical.

What this means: In cybersecurity, vulnerabilities are assessed on the CVSS (Common Vulnerability Scoring System) scale from 0–10. A score of 7.0–8.9 is considered high risk. A 7+ vulnerability typically triggers incident response protocols, including expedited patching, legal coordination, and customer communication.

At Stake:

  • For customers: a successful exploitation would result in the inability to pay their workers.

  • For symplr: Time and Attendance was a cash cow. Not only did was the solution a symbolic flagship product but also their earner of annual recurring revenue. A successful exploitation and the fallout that followed would put the strategic options of the entire company at risk.

Key Actions:

  • Engineering first: We mobilized our top software engineers with security to scope and begin work on a patch. Timeline: 6 weeks to cover all current versions.

  • Executive alignment: I coordinated a response team with our Chief Security Officer and Chief Legal Officer. We estimated customers would need up to 6 months to install patches.

  • Customer leverage: Our advantage? The customer who discovered the vulnerability trusted us—and they were in control of the third party. We met with their executive team and secured agreement to delay public disclosure.

  • Coordinated rollout: I led coordination across technical writing, marketing, support, and account teams to launch a discreet but urgent campaign. The message: plan to update within 6 months—without broadcasting the risk to malicious actors.

Impact:

  • No security breaches or exploitations occurred.

  • KLAS scores increased during this period due to clear, coordinated communication.

  • Customers cited increased trust in our team’s responsiveness and transparency.

Relevant Skills

  • Cybersecurity Incident Management

  • Cross-functional Crisis Coordination

  • Executive & Legal Stakeholder Alignment

  • Strategic Customer Communication

  • On-Premise Product Management & Patch Rollouts

  • Risk Mitigation & Brand Trust Preservation