Hi, everyone. This is Jeff Spetter from ThirdPartyTrust and I had the great pleasure of speaking with Rocio Baeza, CEO of CyberSecurityBase. Here's a recap and audio of the interview.
Rocio Baeza is the CEO and Founder of CyberSecurityBase, which helps rising tech companies get started with information security. The mission is to simplify security, teach that model, and empower tech leaders.
Given her work, she understands the limited resources companies may have to invest in cybersecurity. She doesn't necessarily recommend that smaller organizations follow frameworks meant for large enterprises. Because of these limitations in both time and capital, she recommends using a simple framework. She starts her work with the executive team, often the CTO, to understand the capacity for information security and the regulations surrounding the industry. Once she has an understanding of the goals, she starts with governance and policy formation and then moves on to employee training.
She says all organizations need to start with their understanding of security and then move on to access to education for employees.
Two Biggest Threats Facing Organizations
1. There's a surge of free tools
There’s a surge of free tools being used at organizations. When a marketing group or engineering team accesses a free application, it bypasses the traditional IT security gateways. That potentially causes consumer information or private company information to be exposed. This is a real threat to organizations that can be managed with simple processes. If you're looking for further information on what constitutes a vendor or how to distinguish free tools and enterprise applications, glean insights from the expert panel Anders Norremo moderated last year.
2. Organizations are more wide reaching than ever
There hasn't been much thought put into transparency: transparency with consumers about where their data is going and how it's being used outside of the original business use case. Who’s defining what the allowable use of information is beyond the business case?
Recommendations for Smaller Companies
Baeza suggests developing a simple framework for the entire organization to follow for third party risk. Ultimately, creating something simple will remove walls and make the organization more secure. Secondly, evaluate what regulations or laws you are subject to given your industry. Once you have that understanding, put together policy and training that’s wrapped around it. She doesn't recommend that smaller companies follow an enterprise framework, but rather that they follow security requirements that fit the organization's size and abilities.
You can reach Rocio Baeza at firstname.lastname@example.org.
Rocio Baeza studied Mathematics at the University of Chicago. Her professional background includes data analytics, product management, and IT compliance in the private sector. Her previous roles include analyst, consultant, manager, and Chief Security Officer. During this time, Rocio has observed that rising tech companies are in a unique position where they are offering innovative products and services; however, the traditional information security model is an immediate poor fit. This is leaving emerging tech companies AND consumers in a vulnerable position, and Rocio is on a mission to help change that.