Startup Interview: Brainframe Founder Discusses Mission to 'Democratise' Governance, Risk & Compliance Management

Chronicle.lu recently had the opportunity to speak with Davy Cox, founder of Brainframe, to learn more about this Luxembourg-based company which aims to "democratise" governance, risk and compliance management.

This article forms part of a series of interviews with "newcomers" hosted at the Luxembourg House of Financial Technology (LHoFT), i.e. startups having joined the LHoFT since 1 January 2022. Brainframe has been present at the LHoFT since February 2023.

Chronicle.lu: Please introduce your company and the products/services it offers.

Davy Cox: Brainframe Technologies, established in 2016, is committed to reshaping governance, risk and compliance (GRC) management. Recognising the industry's inefficiencies, we recently developed Brainframe.com, a pioneering solution blending information security management systems (ISMS), GRC, quality management systems (QMS) and document management systems (DMS) in a single platform. Our mission is to "Democratise GRC", making robust security and compliance management accessible to all business sizes and types. We're regulation-agnostic, flexible and we instantly digitalise, centralise and augment your existing Word/Excel work. Our visual, context-aware representations of assets, tasks, processes, risks and KPIs [key performance indicators] offer unprecedented clarity. Available as a cloud or self-hosted solution, we cater to any regulatory requirements, making GRC efficient, effective and affordable.

Chronicle.lu: What led to the creation of your company?

Davy Cox: My entrepreneurial journey began in academia as a graduate in ICT electronics, where I led a virtual small business project that won multiple awards. I then co-founded one of Luxembourg's first e-commerce platforms, Lunchtime.lu, where I realised the significance of cybersecurity. This propelled me to earn a Master's in Security (RSSI) and start Brainframe Technologies, a cybersecurity consulting firm. During my tenure as a "CISO as a service" for big companies like Doctena and others, and after talking to many colleague CISO's, it became clear I was not the only one struggling to effectively manage the security and compliance of companies, which ultimately inspired me to create Brainframe.com.

Chronicle.lu: What brought your company to Luxembourg?

Davy Cox: Luxembourg felt like the right fit for Brainframe Technologies from the get-go. You have the advantages similar to a small village regarding networking, while at the same time you are supported by a big rich country infrastructure and their many initiatives. Direct access to decision-makers makes things happen faster. Plus, as part of the general European efforts, there's a clear state push for innovation and entrepreneurship, with more and more focus on our niche of security solutions. The local startup scene is buzzing with events and initiatives like those organised by Silicon Luxembourg, while incubators like LHoFT and accelerator programmes like "Fit for Start", but also many investors offer resources and support. It's an exciting place to grow our company.

Chronicle.lu: What makes your company and its offer unique?

Davy Cox: Our mission is to "Democratise GRC", which we do by making it available in a very cost-effective way so that no size/type of company needs to compromise on quality, compliance or security due to budget. Most GRC tools force a fixed way of working (with a high learning curve) and are specialised in a limited set of legislations/frameworks, whereas we are completely flexible and framework/regulation agnostic allowing you to manage anything. Because we know many people already have high investments of quality work in Word/Excel, we allow them to instantly augment this work by uploading it onto our platform and use it with all our features. Finally, our visual and context aware representation of company assets and dependencies, tasks, processes, risks and KPIs does not exist in any other solution. By offering the system as a cloud solution and self-hosted for highly regulated companies, we can cater to any type of company.

Chronicle.lu: What is next for your company?

Davy Cox: Now that we have a highly appreciated solution for the management of GRC, we are focusing on increasing the network of trust between the many actors in the GRC in Europe by creating a win-win-win between companies, suppliers and consultant companies in line with our "Democratise GRC" mission. Effective security is so complex that it is impossible/too expensive for most companies to internalise all competencies, which is why we believe that instead of competing with exiting consultant and suppliers, efficiently bringing them closer together with companies struggling in specific domains, is the way to go. 

As like for most of the world, but even more important in the security market with a huge lack of specialists, 2023 is also the year of AI [artificial intelligence] where we are automating multiple tasks that neither consultants nor companies want to spend time on, eventually making the global compliance efforts more cost-effective. We do believe a human should always be in the loop, which is why our efforts in AI are built in such a way that they augment the specialists, indirectly reducing our expertise gap.