Join NCC Group's Sourya Biswas for Security on a Budget: Building Security from Scratch at BSides Oklahoma on April 30!

BSides Oklahoma - Security on a Budget: Building Security from Scratch

Event date 30 April 2021

Location Virtual

Abstract

In my career, I've had the opportunity to help build the security program for a startup which suddenly became successful enough to become a target. Also, a greater number of transactions brought it into the ambit of Level 2 PCI compliance, with Level 1 projected in the near future. Joining as the second hire to the Tech Security & Compliance team after the CISO, I helped roll out multiple products and services, right from evaluation to managing the implementation projects. Getting buy-in and budgetary approvals from the Board and Executive Leadership required us to develop a staggered, results-driven approach shaped by the concept of Defense in Depth.

In addition to my experience as an operator in a new Security team, I’ve had the opportunity to advise such teams in my role as a Security Consultant. From Series B+ shops to household names on the verge of going public, my startup clients span a spectrum of sizes and security maturities. This session will include lessons learned, mistakes made and recommendations provided.

This presentation will combine lessons learned during my time at the startup with knowledge gleaned from my consulting career advising startup clients on their security postures. This presentation shall cover the following areas:

1. Understanding business requirements and company culture

2. Defining guiding principles and security philosophy

3. Understanding current state and desired future state

4. Implementing staggered Defense in Depth (admin, physical and technical security)

5. Establishing governance mechanisms

6. Reporting and communications

I plan to engage the audience by talking about actual examples of anonymized clients. I also intend to invite audience participation in narrating anecdotes on managing security on a small budget. Specifically, I will be inviting inputs on prioritization, communications up and down the chain of command, and lessons learned with a focus on failures.

Press contacts

NCC Group Press Office

Press contact: All media enquiries relating to NCC Group plc, +44 7824 412 405
NCC Group - Financial Media Enquiries

Press contact Maitland AMO Financial Results Media Enquiries +44 (0)20 7379 5151
Regional Press Office - North America

Press contact +1 408 776 1400

NCC Group exists to make the world safer and more secure

In today’s threat landscape understanding the risks organisations and customers are exposed to is more important than ever.

Understanding the impact and how to be more resilient is key to protecting brand, reputation and sensitive customer information. Building a cyber-resilient organization can be a complex process but it’s not impossible.

With our knowledge, experience and global footprint, we help assess, develop and manage cyber resilience posture.

NCC Group Newsroom
XYZ Building, 2 Hardman Boulevard, Spinningfield
M3 3AQ Manchester
United Kingdom