Start-Up Secure. Chris Castaldo
has emerged as a critical competency for businesses, and this trend will likely continue or accelerate. The guidance provided in these pages will save founders from making preventable mistakes in multiple dimensions, from technical security decisions to avoiding unreasonable contract language. The wisdom shared by Chris is hard-learned, and a valuable addition to any entrepreneur's thought process.”
– Paul Ihme, co-founder, Soteria
“Cybersecurity is often thought of as too intimidating or complex for the layperson to comprehend. Chris Castaldo's book, Start-Up Secure, seeks to take the mystery out of succeeding at cybersecurity. His straightforward and direct approach serves as an essential guide to starting out on the right foot with your security program. It is accessible and actionable and I would recommend it to anyone seeking to tackle cybersecurity, the most important business challenge of our time.”
– Brian Markham, CISO, EAB Global Inc.
Start-Up Secure
Baking Cybersecurity into Your Company from Founding to Exit
CHRIS CASTALDO
Copyright © 2021 by John Wiley & Sons, Inc. All rights reserved.
Published by John Wiley & Sons, Inc., Hoboken, New Jersey.
Published simultaneously in Canada.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600, or on the Web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.
For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993, or fax (317) 572-4002.
Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.
Library of Congress Cataloging-in-Publication Data is Available:
ISBN 978-1-119-70073-9 (Hardback)
ISBN 978-1-119-70074-6 (ePDF)
ISBN 978-1-119-70075-3 (ePub)
Cover Design: Wiley
Cover Image: © deepadesigns/Shutterstock
To my wife, daughter, and son, you have made reality better than the dream.
Foreword
“Connect”
I connected with Chris years ago. In classic Chris fashion: he shared a thoughtful cybersecurity insight on LinkedIn and our mutual friend connected the dots between us. While meeting him was great, little did I realize that simple connection was going to lead to years of friendship and learning.
Cybersecurity has been in such a constant state of flux that many companies still don't know how to write a chief information security officer (CISO) job description; they don't know what a CISO does in their day-to-day job. You will find CISOs as heads of IT, internal pentesters, security engineers, writing compliance reports, negotiating legal terms, reporting to any C-suite role, and some taking primarily customer-facing responsibilities.
There is little question that the security role is still in an early stage in its evolution. With all of that confusion, it is no wonder that resource-constrained start-ups and founders have no idea how to proactively build a security program. And with a start-up's demands to prioritize time, opportunity, and resources, it's no surprise to find start-ups with no security programs at all.
The reality is that as the world evolves and more business becomes increasingly digital, the security bar is rising for all vendors. Every customer that trusts a vendor with its resources (i.e., financials, customer data) wants to know that their sensitive information is being handled safely; something they know the bigger vendors are likely working on.
Luckily, start-ups are smaller targets for attackers and typically have much less legacy risk to accept. This results in high ROI, low-hanging fruit opportunities for start-ups, and large deltas in security preparedness between early stage start-ups. Coupled with the fast-paced, leading-edge value that a start-up can provide a customer, building security from the beginning is an exciting possibility.
Chris's dedication to learning and to helping the security ecosystem has been incredible to see over the years. This book is yet another example of his efforts to take his lessons learned as a CISO for different-sized companies and to help others. With this book, founders will begin to understand the necessary fundamentals of securing a start-up.
Meeting Chris years ago kicked off an awesome learning opportunity on the day-to-day dynamics of taking on a security leadership role at a fast-growing company. I'm likewise excited for readers to discover this book and to journey deeper into the world of security for start-ups.
Cheers,
Will Lin
Co-Founder & Partner
ForgePoint Capital
Cybersecurity VC
Preface
MOST BOOKS END WITH A QUOTE from a famous source; I am starting with one. In his book The 7 Habits of Highly Effective People, Stephen Covey states, “The main thing is to keep the main thing the main thing.” This should apply to your start-up and to how you view every suggestion in this book. Every cybersecurity choice you make should, at the end of the day, enhance whatever it is you are building, from getting a better product out the door to delivering high customer satisfaction with the services you provide. Don't lose sight of that.
There are a lot of topics covered in this book, and cybersecurity taken as a whole can be overwhelming; that's why there is an entire industry built around it. As you read through this book, always keep in mind what is right for your start-up and your customers. You