Our Journey of Building a Security Program at a Small Startup
Dan Erxleben, Julian DeFronzo at BSides Boston 2017
Building a security program from scratch is hard enough, but it’s even harder for small security startup that is made up of a distributed workforce that is mostly remote. With a company full of people with security experience, everyone has an opinion on where the focus should be, but ultimately where does one start? And while the emergence of automation, orchestration, <insert buzzword here> tools are great for established security programs, they do very little for teams that are starting from the ground up. In this talk we will walk through our journey of how we are tackling the daunting task of building a security program from scratch at ThreatQuotient; what areas we focused on first, how we balanced security best practices with our company culture, and the challenges we faced with very limited resources.