Ethical Hacking Blog

Cybersecurity for Startups: A Conversation with Jack Leidecker

Written by Ted Harrington | May 20, 2022 4:07:00 PM

On this Episode of Tech Done Different with Ted Harrington, Executive Partner at Independent Security Evaluators (ISE)...

Is your business harmonizing with its security? How are you making sure that you bring the right people into your company? If you are starting a cloud-based company, security is one of the most important pieces to have. Not only does it allow you to build a steady company, but it also allows you to build a sustainable community.

Joining us for today’s episode is Jack Leidecker of Gong. He is a results-driven, senior security executive with significant domestic and international experience in public and corporate roles. He develops high-performing teams resulting in a proven track record of success in applying an enterprise risk strategy and implementing enterprise-wide technology solutions and services that align with business and customer goals. Today, we explore what it takes to build security into the cloud, how security must harmonize with the business, and the power of diverse teams.


Here are three reasons why you should listen to the full episode:

  • How to Start a Cloud-Based Company
  • The Importance of Cybersecurity for Startups
  • Finding the Right Mentor

Resources

Connect with Ted Harrington: Website | LinkedIn | Twitter 

 

Episode Highlights

Building a Cloud-Based Company Securely

  •       If you're a cloud company, know if you are taking advantage of the cloud. Make sure that you align on what you and your company are trying to do. If you're trying to do things manually, you're probably not doing a cloud system.
  •       Make sure you have the right capability to analyze all the data. The good and the bad with the cloud is you don't have your regular network traffic. But you do have VPC flow and even VPC mirroring. But those can be very noisy. Make sure you're set up correctly to analyze all that data.
  •       Remember that automation and focus are key.

The Advantage of Cybersecurity for Startups

  •       What security does for each company is not necessarily always going to be the same for everyone. You need to understand the business and how you differ from others.  
  •       If you're looking at what marketing is doing to make the brand more aware, you need to figure out how HR brings the right people and helps through that process. Figure out how you make sure that security is securing the type of data you have.

Support and Security

  •       You can't just prepare for when you're where you want to be. It's how you make sure that you have the right support mechanisms. Remember that if people don't feel supported, they're not going to stay necessarily. Understanding what's happening is key to reaching different communities. It allows you to make sure that there are different opportunities available.
  •       Security is one of the areas where it's a little bit helpful in terms of employment shortage. Security is where you begin to question if you need someone that fits an exact role in the company. Or you would want someone a little different, but analytical and curious.

Getting Your Name Known

  •       The biggest thing you can do is figure out your goal and what you need to do to get there. It will be a combination of different things, but you can get your name out there if you can find something and break in.
  •       Make sure that your goal is something that you can achieve. If you can’t, then figure out something reachable. There are many opportunities, whether it's volunteering or getting involved in different areas. You can get your name out there and start working through it.

Finding a Mentor

  •       Make sure you understand what you want from a mentor’s guidance because what you don't want to do is be on LinkedIn and just sell yourself until you find a mentor. You still need to take accountability for what you want to do. You need to share your passion and what you want to do.
  •       Understand how you are reducing risk. Figure out what you want to focus on. Try what you started with that you may not end up with. It gives you an idea of what you're looking for. Don't go for a mentor without some defined criteria because if you get too demanding, the problem you'll have is a lot of people will just kind of fade away, and then you're not getting what you want out of it either.

Powerful Quotes from this Episode

[04:48] I could have 50 different tools, but nobody knows what to do. I think the biggest thing is you have to have someone that can tune in to maintain that tool; otherwise, you shouldn't be buying it.

[11:06] Just being able to share what you're doing with them is what's going to help. What typically doesn't help, though, is if you push too hard, then the management will not get the proper security. 

[19:01] You can always improve. You can have continuous improvement. Even if you look at how people are trying to integrate more into DevOps, everything's around continuous improvement. If you stand still in security, you will never get bored. What works now isn't going to work later. You can always do things better and more efficiently. Security is not a destination. It's a journey. If things come out differently, how we help mitigate that and stay on top of it is key to having any sort of longevity.

[30:42] See what communities you can get involved in. The more community involvement, the more longevity you’ll get. Join communities whether it's on LinkedIn, or something else. Also, keep in mind conferences, which are huge now.

[39:00] If you're trying to break into security, spend some time yourself. Figure out what you want to do. There are lots of opportunities to do that. If you're in security and you're running into challenges that you cannot communicate with the business, understand your business. Whatever it is, it doesn't matter what it is. The more you understand your business, the easier it is for you to relate to what their pain points are and how security is going to relate.

 

About ISE

ISE is a boutique cyber security agency made up of skilled, certified ethical hackers helping SaaS companies defend against malicious attacks. See what we do on our website. You can also follow ISE on: LinkedIn | and Twitter. Listen to more episodes via our Podcast.