Building and Implementing Security Programs within Fast Growing Technology Companies

the CYBER5
03/08/2021 27 min Temporada 1 Episodio 51
Building and Implementing Security Programs within Fast Growing Technology Companies

Listen "Building and Implementing Security Programs within Fast Growing Technology Companies"

Descargar episodio Ver en sitio original

Episode Synopsis

In episode 51 of The Cyber5, we are joined by Chris Castaldo. Chris is the Chief Information Security Officer for CrossBeam and has been CISO for a number of emerging technology companies.  In this episode, we talk about his newly released book, “Startup Secure” and how different growth companies can implement security at different funding stages. He also talks about the reasons security professionals should want to be a start-up CISO at a growing technology company and how success can be defined as a first time CISO. We also talk about how start up companies can avoid ransomware events in a landscape that is not only constantly changing but also gives little advantage for defenders of small and medium sized enterprises. Two Topics Covered in this Episode: 4 Security Lessons for Founders of Start-up Technology Companies When a B2B company is pre-seed or before Series A funding, customers might have leeway for lax cybersecurity controls. However, after an A round, policies, certifications (SOC2 or ISO27001), procedures will be required to ensure customer data is staying safe. A B2C technology company might not be asked by the public for certifications, but auditors and regulators may. Basic policies include: Single Sign-On or an Okta authentication into applications, cloud, and workstations Password management implementation (LassPass or OnePassword) Encryption at rest and transit Vulnerability scanning Combating Ransomware from The Inside-Out Approach and Integrating Threat Intelligence Blocking and tackling from inside-out to get in front of ransomware is challenging. The simple items to tackle are the following:  Auto-updates for patch management on operating systems Endpoint Detection and Response products Proper asset management to have full visibility on all network devices and services At the point when resilience and compliance controls are in place and an organization can bounce back from an incident in a timely manner, adversary insights via threat intelligence is a logical next step.  

More episodes of the podcast the CYBER5

Insider Threats and Social Engineering Tactics by Counterintelligence Institute’s Peter Warmka 08/03/2023
The Top Nisos Investigations Of the Last Seven Years with Nisos Research Principal Vincas Ciziunas 08/02/2023
The Vital Role of Customer Success in Intel Programs with Senior Director of Nisos Brandon Kappus 24/01/2023
Identifying When Attribution of Threat Actors Matters and How to Track the Outcomes with Senior Information Security Leader Charles Garzoni 03/01/2023
Properly Defining a Threat Management Department within Enterprise with Senior Manager of Nvidia Chris Cottrell 28/11/2022
Operational Resiliency Framework Pertaining to Supply Chains by Foundation for Defense of Democracies George Shea 02/11/2022
Integrating Attack Simulation with Intelligence to Provide Actionable Outcomes with CrossCountry Consulting 26/10/2022
Data Governance and Threat Intelligence Converge with Egnyte’s Chief Governance Officer Jeff Sizemore 28/09/2022
Driving Diversity in Cyber Security and Intelligence with BGH Security CEO Tennisha Martin 22/09/2022
Leveraging Open Source Intelligence in Insider Threat Programs with Vaillance Group CEO, Shawnee Delaney 14/09/2022
© 2003-2025 ZARZA | AHEAD OF OUR TIME
privacy policy
In God we trust In God we trust
PreSales Questions? Click Here
or call our toll-free line at +1-888-5002068 Miami, Florida, USA