At Threat Stack, we believe in building a security culture that starts at the top and functions as a cross-organizational discipline. Achieving this goal requires education and transparency among business partners. That’s why we at Threat Stack have built our own internal security council, which meets regularly and reviews issues that are relevant and timely for our organization. Read more “How a Cloud Security Company Runs Its Security Council”
Before I started working at Threat Stack, security was not always at the top of my priority list. Now, as the CFO of a leading cloud security company, I’ve learned to take a more holistic view of security: I still view it as a necessity that ensures the safety of an organization’s data and systems, of course, but I also understand that it can be a powerful business enabler and business driver.
Put another way, I no longer view security as just an expense (a “necessary evil”?), and see it as an investment that adds ongoing value throughout the organization and beyond as it not only provides foundational security, but also bolsters corporate reputation, adds confidence to customer relations, streamlines sales cycles, reassures board members and investors, helps with achieving compliance, and so on.
In spite of the huge value it adds, security can still be something of a hard sell — especially in companies where resources, including budget, are limited. With that in mind, I want to use this post to share some of the things I’ve learned as CFO at Threat Stack. Read more “5 Security Blogs Your CFO Needs to Read”
If you operate in a regulated industry, or have customers or partners who do, being compliant is non-negotiable. If regulatory requirements mandate compliance, you’ll be required to produce certain evidence in order to be certifiably compliant. And in order for many customers to do business with you, you need to be able to demonstrate how you’re compliant.
But before you jump right in, there are a few questions you should be asking yourself and your customers or partners. These are designed to clarify their expectations and help to scope out their compliance requirements. Becoming compliant is a large undertaking, so knowing where to start is just as important as knowing where to end. That’s why understanding exactly what your customers or partners require of you can help to narrow the scope and keep your team focused on the right compliance initiatives.
Based on conversations we’ve had with customers, here are five clarifying questions to ask yourselves internally when a customer or prospect inquires about compliance. Read more “Five Questions to Ask When a Customer or Partner Asks You to Become Compliant”
Picture the scene: You’re at the monthly board of directors meeting when someone asks, “So, what are you guys doing about security?”
Even two years ago, a CSA survey found that security was a board-level concern at 61% of companies. Why?
High-profile breaches have certainly made everyone conscious of cyber security issues, and as awareness and knowledge have grown, boards have begun to take a direct interest in the security of the companies they have invested in. Given that there are very real monetary and reputational consequences to a security breach, board members want to know what steps you are taking to prevent one. Read more “How to Answer Your Board’s Tough Security Questions”
The IRS recently issued a warning that W-2 phishing scams are on the rise. In fact, 29,000 victims have already been claimed in 2017 to date! The attacks this year have started earlier than in previous years and are targeting a broader range of businesses. It’s time we learned how to better protect ourselves against this rampant form of fraud. Read more “W-2 Phishing Scams: What You Need to Know to Stay Secure”
I have worked in finance roles in the tech industry for much of my career, but since joining Threat Stack I’ve had my eyes opened wide to the world of security. I have learned just how vital an effective security strategy is to the health of any modern business — and as a corollary, how critical a carefully planned security budget is.
Building a security budget can be a complex and sometimes fraught process, so I wanted to share some insights from my viewpoint as the CFO of a cloud security company. Below are five things I urge you to consider when you put together your own organization’s security budget.
In an earlier blog post I wrote about looking at security as an investment (as opposed to an expense), focusing on the value that an integrated cloud-native security platform can deliver to investors, board members, and C-Level executives. In this post, I’m going to broaden my focus to include some of the other issues you need to include in your “security as an investment” plan.
In the time I’ve been CFO at Threat Stack, I’ve had some interesting discussions about cloud security with fellow CFOs at a few of our customers and prospects. They know security is important, but just like me, they are tasked with managing limited resources to meet their strategic and financial objectives. They have a financial plan they need to deliver on as well as budgets and gross margin targets; and this means they are constantly balancing risks against expenditures.