I recently hosted a panel on the topic of Information Security and framed our discussion around the concept of Secure Innovation. Information Security is often viewed as a roadblock to innovation and an obstruction to moving quickly in a highly competitive environment. The panel focused on how to foster innovation and leverage security as a competitive advantage, and provided strategies that can be quickly implemented to achieve the overall goal of secure innovation.
Each panelist provided openings statements on their experience with innovation that required a high level of security and privacy, and led to pragmatic solutions to challenges in this area. One of our goals from the panel was that CIOs would have 2-3 things they could immediately implement when they got back to their desk.
We covered a number of compelling questions across People, Process, Technology, with some of the key remarks conveyed in the following:
CISO at an early stage security startup
What are your recommendations on sourcing, as you can’t do all of this in-house today?
You need to be creative in your staffing solutions; it is very hard to hire experienced staff. We recommend getting less experienced staff and training them. The Merritt College Cybersecurity program is a great source and example of this model.
What do you recommend on security reporting relationships (CIO, CEO, COO)?
I report to the CEO directly as it is essential to our company being a small, early stage startup.
CMO at an early stage security startup
Who are the bad guys and what do they want?
There are three main actors: One who wants to steal our money; the second, our IP; the third seeks notoriety (think Anonymous.)
CEO at early stage security company
How do organizations find and attract good security talent?
You bring in less experienced staff and train them.