For nearly a year and a half I’ve been working to build the InfoSec program at my current company. This company is a late stage startup, but still a startup. This has been quite a challenge and I’ve learned a ton in the process. Some of the most important things I’ve learned:
It doesn’t really matter what you think until you prove it. Analysis and understanding are more valuable than a thousand educated guesses.
Key to understanding your risk is understanding your business, what assets are key to your business, and working your way through those from most critical to least.
People do care about security, they just don’t think about it. Security in a startup isn’t as in your face as other problems like finances, availability & growth. You have to find ways to tie security to those things and it’s not easy. This probably doesn’t just apply to startups.
To be in security, you must have patience. Lots of patience.
With these lessons learned, it’s time for a new chapter at a new company. I’m not leaving security but my role isn’t going to be only security. I’m taking a bit of a step back to what I really have enjoyed in the past – fixing & building infrastructure. I’m walking into a company with some pretty significant challenges and I’m actually pretty excited about it. After a few years of management, I’m ready to get my hands filthy again.
This blog may evolve a little, but I’ll keep rambling here about security stuff and probably other things. I’ll still be “the security guy” at the new place – but I’ll also be “the network guy”, “the systems guy” and probably 15 other things. This is what I do – I put myself in difficult situations & do my part to improve them. I’m pretty proud of what I’ve done in the last 1.5 years running a security program – for a guy who’s never done that before I think I made good progress. If nothing else, I got some good typing practice…
And since I love quotes:
“The follies which a man regrets most, in his life, are those which he didn’t commit when he had the opportunity.” – Helen Rowland
Here’s to no regrets…