How Counterpart Scales Security with a Workstreet vCISO

Counterpart is the first Agentic Insurance™ system that combines underwriting, broker support, risk mitigation, and claims expertise with advanced AI.

As a fast-growing startup, Counterpart faced a common challenge: it needed to meet rigorous, multi-framework security standards, but it didn't have the budget for a full-time CISO.

By partnering with Workstreet as its vCISO, Counterpart built a scalable security program that allows its engineering team to stay focused on building its product, with confidence that its security posture and compliance roadmap are supported by an expert team.

Finding Right-Sized Support

Many teams believe that compliance and security at the startup stage means hiring an expensive, full-time CISO or trying to muddle through using automation tools alone. A vCISO bridges that gap, providing security leadership without the full-time price tag.

"As an insurance technology company, our partners and regulators expect rigorous standards," says Dave Lin, Counterpart’s Head of Product and Engineering. "But as a startup, we didn’t have the budget for a full-time security resource. From prior experience, I knew how much work SOC 2 would be, even with a tool like Vanta."

Counterpart needed a partner who understood the pace at which a startup needs to move and its exact compliance requirements. “We needed a security program that works for us, and not a Fortune 500 company,” says Lin. Counterpart chose Workstreet as its vCISO partner to build a right-sized security program that scaled alongside its business.

Navigating the Triple Threat: SOC 2, NYCRR 500, and HIPAA

Operating an agentic insurance platform means navigating a complex regulatory environment that requires compliance with:

• SOC 2: The table stakes for enterprise trust.
• NYCRR 500: A strict regulatory requirement for insurance operations in New York.
• HIPAA: The key to offering professional liability insurance to healthcare providers.

Workstreet took on the heavy lifting for all three frameworks, including drafting policies, configuring Vanta, prepping for audits, and tracking remediation.

When a product launch required a three-month HIPAA certification sprint, Workstreet delivered. "We had an aggressive timeline. I thought the process would be daunting," Lin admits. "Workstreet walked us through the entire process and assigned the resources to make sure we met our timeline without it becoming a drag on our organization."

An Extension of the Team

A vCISO shouldn't feel like an external vendor; it should be an extension of your internal team. Alongside audit preparation and navigation, Workstreet assists Counterpart with:

• Vetting new tools so employees can innovate safely.
• Quarterbacking the audit process and handling security inquiries.
• Conducting application penetration tests, writing and auditing policies, and annual CISO reports.
• Brainstorming additional compliance options and frameworks to stay ahead of business growth.

"Workstreet has become a trusted partner we can bounce security ideas off as our business expands," says Lin. "It gives us peace of mind and frees up resources so we can concentrate on building."

Follow a Proven Path

If you're looking to level up your security program, Lin’s advice is clear: don't guess when you can follow a playbook.

"Partnering with the right experts early on significantly reduces stress," he explains. “Knowing Workstreet had done this before for startups gave me confidence that it wouldn’t over-recommend, and its advice would be pragmatic.”