Hello from the world of data security and compliance

We help customers close security and compliance gaps to avoid data breaches. Our forensic, penetration testing, and audit teams identify best security practices and simplify compliance mandates (PCI DSS, HIPAA, GDPR). As an Approved Scanning Vendor, Qualified Security Assessor,Certified Forensic Investigator, we have tested over 1 million systems for security.

SecurityMetrics Building

A Bit of History

In 1998, CEO Brad Caldwell recognized the need for affordable data security for the masses after his company's website was hacked. At the time, the only organization qualified to help his business through the damaging compromise was extremely expensive. Caldwell realized small organizations not only need affordable forensic investigations, but also simple tools to protect them from hacks in the first place.

Since its founding in 2000, privately-held SecurityMetrics has grown from a small security company specializing in vulnerability assessment scans to a global leader of data security and compliance solutions with over 300 employees. Today headquartered in Orem, Utah, SecurityMetrics continues to provide the expert services Caldwell so desperately needed to small and large organizations around the world.

We Take Care of our Customers

Friendly and informative customer service is the cornerstone of our company. We have the largest in-house call center in the payments industry and take over 135,000 calls each month. Since our founding, we have tested over 1 million systems, from Fortune 500 businesses to small retailers, for data security and compliance.

Our Expertise Speaks for Itself

  • Experience

    We have more than 10 years of experience with data security and compliance.
  • Accreditations

    Our employees hold certifications like Certified Information Systems Security Professional (CISSP), PCI Forensic Investigator (PFI), Qualified Security Assessor (QSA), Approved Scanning Vendor (ASV), Payment Application Qualified Security Assessor (PA-QSA), and Point-to-Point Encryption Qualified Security Assessor (P2PE QSA).
  • Global Solutions

    We are one of only a handful of companies worldwide certified by the PCI Council to conduct all major PCI compliance validations.


June 2019

Fortress Cyber Security Award
Best Product: Compliance
(PCI DSS Assessments)

February 2019

Cybersecurity Excellence Award
2019 Cybersecurity Product
(PCI Customer Portal)

February 2019

Info Security PG’s Global Excellence Awards
New Product or Service of the Year
(GDPR Defense)

February 2018

Stevie Award for Sales and Customer Service
(Contact Center of the Year)

September 2016

Stevie International Business Award
Support Department of the Year
(PCI Compliance)

March 2016

Info Security Global Excellence Award
(Forensic Investigation Services)

April 2015

Info Security Global Excellence Award
Best HIPAA Compliance Service
(HIPAA Onsite Audit)

April 2015

Info Security Global Excellence Award
Best PCI Compliance Service
(PCI DSS Onsite Audit)

December 2014

Best in Biz Awards
Small/Medium Business Service of the Year
(Guided HIPAA Compliance)

September 2014

Golden Bridge Awards
Governance, Risk, and Compliance Innovations
(Guided HIPAA Compliance)
Security Software Innovations (PANscan)

September 2014

American Business Awards
Health & Pharmaceutical Service
(Guided HIPAA Compliance)

April 2014

Utah Best of State Award
HIPAA Compliance Services

April 2014

ETA Star Award
Business Partner of the Year

February 2014

Stevie Award for Sales and Customer Service
Healthcare Customer Service Department of the Year (HIPAA Support)

February 2014

Info Security Global Excellence Award
PCI Compliance

May 2013

Utah's Best of State
Best Customer Servicing and Call Center

February 2013

Stevie Award for Sales and Customer Service
Global Sales Team of the Year
Sales Process of the Year

June 2012

Ernst & Young Entrepreneur of the Year
CEO Brad Caldwell, Technology

February 2012

Stevie Award for Sales and Customer Service
Contact Center of the Year

December 2011

Utah Valley Entrepreneurial Forum
Entrepreneur of the Year

October 2011

Arthur V. Watkins Awards
Entrepreneur of the Year

December 2010

Utah Valley Entrepreneurial Forum
Utah Valley's Best Kept Entrepreneurial Secret

November 2010

Deloitte Technology Fast 500
122nd Fastest Growing Company

September 2010

Utah's 100
19th Fastest Growing Company in Utah

August 2010

Inc. 500
13th Fastest Growing U.S. Security Company
408th Fastest Growing U.S. Company

March 2010

Utah Valley Magazine Top 50
4th Fastest Growing Company
14th Top Revenue Company

Executive Team

Brad Caldwell

Brad Caldwell is Chief Executive Officer and founder of SecurityMetrics, Inc. Under Caldwell's leadership, SecurityMetrics has grown from a one-room scanning company to a global leader of industry compliance and data security solutions. Caldwell is certified as a data forensic investigator (PFI), onsite auditor (QSA), authorized scan vendor engineer (QSE) and certified information systems security professional (CISSP). Prior to founding SecurityMetrics, Caldwell co-founded Software Development Corporation, which developed WordPerfect for UNIX/Linux for Novell and Corel corporations. Brad is a graduate of Brigham Young University and enjoys racquetball, cars and travel.

Blake Stevens

Blake Stevens is the Chief Financial Officer at SecurityMetrics. With over 25 years of finance and accounting experience in a number of industries, Stevens is responsible for accounting, audit, financial analysis, treasury, tax, and investor relations. Stevens began his career as a financial analyst with Coldwell Banker and for twelve years served as the director of finance and corporate controller of Marie Callender's Pie Shops, Inc. where he was instrumental in developing accounting and POS systems and achieving company growth. Stevens later became the CFO of Logic General Inc., a manufacturer of CD and DVD's. Stevens holds a bachelor's degree in business administration, with a major in finance from Brigham Young University.

John Bartholomew (JB)

JB is the Senior Vice President of Technology at SecurityMetrics. Since obtaining his degree in Computer Science from Brigham Young University he is now a 30-year high-tech veteran; having worked in software and security in the payments, healthcare, manufacturing and entertainment industries. He has worked in a full spectrum of roles from software developer to owner. A few of his previous employers include: Broadway & Seymour, U.S. Steel, WordPerfect, Novell, Griffin-Hill, and Cogito. His greatest work satisfaction is helping others understand and enjoy the benefits of new or advanced technologies.

Wenlock Free

Wenlock Free is the Vice President of Strategic Partnerships at SecurityMetrics, combining a background in international sales and marketing with over 25 years experience in the business development and training industries. Free is responsible for navigating the business through the rapid pace of the security industry through the preservation of SecurityMetrics' strategic relationships. Prior to joining SecurityMetrics, Free focused on public speaking, providing training programs throughout the US, UK and Canada. Recruited as director of sales at CORDA Technologies, Free built successful sales and marketing programs in the financial services marketplace. His passions include vintage automobiles, avocados, and travel.

Russell Stay

Russell Stay is the Vice President of Business Operations at SecurityMetrics, and is responsible for defining, implementing, and executing formalized productivity and product processes for SecurityMetrics’ HIPAA strategy. Stay has over 30 years experience in software product development, planning, and marketing at companies such as FamilySearch, Intl., Symantec Corporation, Franklin Covey Company, and Structural Dynamics Research Corporation. Stay studied for a master's degree in business administration at Pepperdine University and received a bachelor's degree in computer science and mechanical engineering from Brigham Young University. Father of three and grandfather of six, Stay enjoys racquetball, mountain bikes, rock climbing, backpacking, skiing, and his family.

Gary Glover

Gary Glover is the Vice President of Assessments at SecurityMetrics and holds QSA (Qualified Security Assessor), PA-QSA (Payment Application Qualified Security Assessor), CISSP (Certified Information Systems Security Professional), and CISA (Certified Information Systems Auditor) certifications. Glover has completed over 100 PCI-DSS, PABP, and PA-DSS security assessments and is a regular contributor to the SecurityMetrics blog. Glover began his career at McDonnell Douglas Aerospace developing artificial intelligence and expert systems for rocket and propulsion systems. Additionally, Glover spent nearly 10 years in software development with companies such as Novell and Corda, is the author of two US patents, and received a Masters of Science degree in Mechanical Engineering from Brigham Young University. Glover's hobbies include skiing, RC airplanes, and sailing.

David Ellis

David Ellis is the Vice President of Investigations at SecurityMetrics and holds PFI (PCI Forensic Investigator), GCIH (GIAC Certified Incident Handler), QSA (Qualified Security Assessor), and CISSP (Certified Information Systems Security Assessor) certifications. In addition to his forensics background, Ellis has over 25 years of law enforcement and investigations experience, was a Commander with the Oakland Police Department, holds a bachelor's degree from Columbia College, and graduated from the FBI National Academy. Ellis is a regular contributor to the SecurityMetrics blog, and enjoys doing almost anything with his family, including sport shooting, ATVing, and dirt biking.

Troy Tribe

Troy Tribe is the Senior VP of Sales at SecurityMetrics. With over 20 years in tech development and security, he brings big-picture vision and know-how to the Data Security and compliance realm. He is known as a creative thinker, driven in his work and resourceful in his solutions. Before joining SecurityMetrics, Troy worked with several top tier cyber security start-ups funded by Google Ventures, Kleiner Perkins, Icon Ventures, Cowboy Ventures and others. Tribe’s diverse background—along with his willingness to explore new frontiers with enthusiasm—position him perfectly to head the Sales department at SecurityMetrics.

Here's what our customers are saying

Maintaining PCI compliance is extremely important with large scale ecommerce applications. SecurityMetrics makes the process of getting compliant extremely easy...I'd highly recommend them to anyone looking to build and maintain a secure environment.

Thomas W., President, eVitamins

I appreciate the expert help from SecurityMetrics as our office worked through understanding HIPAA regulations. The staff was knowledgeable and very helpful. The validation process went off without a hitch!

Kathy M., Office of Dr. Mike Bloom

SecurityMetrics has provided our clients with a high level of expertise, professionalism and service for PCI compliance_SecurityMetrics takes the complexity of PCI compliance and then rolls it into a simplified process.

Craig L., CEO, Card/Pay

We are excited to work with you.


Thank you!

Your request has been submitted.