Skip to content
Why Valentra

Built by the operators who scaled healthcare cybersecurity.

Valentra Labs turns hard-won program experience into an operating layer for cybersecurity teams. Our credibility is cited operator history — not a wall of customer logos.

Design partners

Valentra Labs is shaping Valentra Nexus with a founding cohort of design partners. Here is where that program stands today.

Enrolling Design partners onboarding now

Updated

Operator history

The credibility behind Valentra Labs is a track record, stated plainly and dated — not a marketing claim.

  • Clearwater ARR (Jon Moore)

    ~$4M → $47M+

    as of Clearwater operator history

  • Industry recognition

    Best in KLAS

    as of KLAS Research

  • IRM|Pro origin (Jonathan Kaeuper)

    SME & advisor on IRM|Pro

    as of Clearwater operator history

The founders

Jon Moore

Founder & CEO

Scaled Clearwater's healthcare cybersecurity practice from ~$4M to $47M+ ARR; Best in KLAS.

Jonathan Kaeuper

Co-Founder

SME and advisor on Clearwater's IRM|Pro.

The Decision Packet

What the program produces: a board-ready packet that carries the situation, options, recommendation, evidence, and approval chain.

Decision Packet · v1.0

Q2 2026 — Crown-Jewel Risk Disposition

pkt_2026-04-17_a3f8e1

Situation

Q2 program review covers the crown-jewel ePHI store and its supporting control envelope. 487 endpoints catalogued across three network segments; 12 unsanctioned SaaS surfaces detected by the shadow-IT scan. Continuous monitoring posture is operating; the residual question is risk acceptance for two compensating-control gaps surfaced this cycle.

Risk & Impact

14 critical findings scored against the revenue-at-risk model. Two compensating gaps (vendor-SOC-2 attestation lapse + patch-cycle #38 awaiting CAB sign-off) carry residual risk of $1.4M in unmitigated regulatory exposure if a HITRUST audit lands before remediation closes. Patient-data confidentiality remains the load-bearing impact dimension.

Options

  1. Accept residual risk through Q3, with quarterly board re-review.
  2. Accelerate remediation by re-prioritizing the patch cycle ahead of the planned Q3 platform migration (cost: 2 engineer-weeks).
  3. Transfer risk via expanded cyber-insurance rider (cost: $48K/yr premium delta; coverage gap on ePHI exfiltration remains).

Recommendation

Pursue Option 2 — accelerate remediation. The 2 engineer-weeks of effort cost is recoverable in Q3; the residual exposure is asymmetric (regulatory floor of $1.4M vs. ~$120K labor delta). Document the patch-cycle re-prioritization as a logged decision with the program owner; close the SOC-2 attestation gap via vendor outreach in the same window. Insurance rider deferred to Q4 review.

Evidence

Twelve evidence artifacts back the recommendation — asset inventory, control mapping, vendor SOC-2 status, residual-risk model, patch-cycle telemetry, and the prior packet's audit trail. One control attestation is overridden with a documented compensating-control narrative; two vendor attestations are pending the Q2 refresh window.
ArtifactHashStatusDetailCaptured
Asset inventory snapshot — 487 endpoints#a3f8e1b2verified
Control mapping cross-walk — 93 controls#b7c4d9e0verified
Vendor SOC-2 attestation — current#c9d0e2f1pendingRefresh window opens 2026-05-12; vendor confirmed window…
Vendor SOC-2 attestation — secondary processor#d2e3f4a5pending
Residual-risk model — revenue-at-risk#e1f2a3b4verified
Patch cycle #38 — CAB queue position#f3a4b5c6overridden
Overridden per compensating-control narrative — see attached
Penetration test report — Q1 follow-up#a5b6c7d8stale
Prior packet audit trail — pkt_2026-01-09_b8c4e2#b6c7d8e9verified

Approval Chain

CIO and CISO have signed. The CCO signature is pending receipt of the vendor-SOC-2 refresh; the program owner has logged the override and the compensating-control narrative.
  1. Chief Information OfficerM. AlvarezSigned 2026-04-17T14:08:11Z
  2. Chief Information Security OfficerJ. ParkSigned 2026-04-17T14:18:42Z
  3. Chief Compliance OfficerPending signatureAwaiting vendor SOC-2 refresh — window opens 2026-05-12
Generated by Valentra Nexuspkt_2026-04-17_a3f8e1

Stay close to Valentra

Periodic insights on running a cybersecurity program — no contact form, no sales follow-up. One email field.

Valentra Labs is led by operators who scaled Clearwater's healthcare cybersecurity business from roughly $4M to $47M+ ARR and earned a Best in KLAS designation — cited operator history, not a customer-logo wall, carries the Day-1 trust.

as of