Why Are Fortune 500 Companies Swiping Right on 3-Person Startups?

Large companies aren’t traditionally known for being the fastest to adopt new technologies. So why is cybersecurity the exception? It seems like the larger or more highly regulated an enterprise, the more likely they are to be a cybersecurity startup early adopter. What is it about innovative technology that flips the typical adoption curve??

This week’s episode is hosted by me, David Spark , producer of CISO Series and Andy Ellis , operating partner, YL Ventures . Joining us is Justin Somaini , partner, YL Ventures .

The startup balancing act

While large enterprises are early adopters of new cybersecurity technologies, securing a big client may result in startups catering to niche needs that do not align with the broader market. This misalignment hinders growth, making the startup overly focused on customized features for a few large clients, neglecting the development of a scalable product for a wider audience, pointed out Ross Haleliuk , author of Venture in Security . startups must consider their Ideal Customer Profile (ICP) and prioritize building a product that appeals to a broader market rather than being overly tailored to one large customer. On a higher level, evaluate whether engaging with a large enterprise is viable, as it may be resource-intensive greatly decreasing the benefits for a young company.

Giving back is its own reward

The concept of "giving back" to the cybersecurity community resonates. Mentorship, sharing knowledge, and raising one's profile through blogging and posting LinkedIn were named as positive ways to give back in a recent cybersecurity subreddit post. Don’t underestimate the value of mentorship within your organization. Develop a culture where professionals give back to the community because it is the right thing to do. The external recognition should be seen as a nice added benefit and not a requirement.?

When to pentest

How effective can offensive security practices be in the early stages of developing your cybersecurity program? Danny Magallanes, CISSP believes early pen testing is critical, providing valuable insights as you’re making critical decisions. If you wait too long in your program development, the insight makes them ineffective, he argued. Use pen testing selectively, particularly when political support is needed to showcase the importance of security issues to senior management. Don’t use it to replace more comprehensive approaches to identifying and mitigating security vulnerabilities. While Magallanes believes pen testing is critical to avoid costly fixes later on. Somaini and Ellis didn’t find much value in introducing pen testing early in the development of a security program.?

Getting ahead with generative AI policy

There is a tension between embracing new technological innovations around generative AI and safeguarding privacy . ???♀? Christopher Burgess at CSO Online asked how can we create a reasonable compromise. The core issue isn't the use of AI itself, but rather the implications of making recorded data more useful and accessible through AI technologies. For example, it’s become standard practice to record Zoom calls and have them automatically transcribed. Now this data is far more accessible, searchable, and can be connected to individuals. The enhanced utility of recorded content raises privacy concerns, as it can expose sensitive information more easily than before. Organizations need to establish clear privacy frameworks and guidelines before these privacy issues explode.?

Listen to the full episode over on our blog or your favorite podcast app where you can read the entire transcript. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.

Thanks to BadThingsDaily on Twitter for unknowingly providing our “What’s Worse” scenarios. Thanks to Vanta .

Huge thanks to our sponsor, Vanta

Subscribe to CISO Series Podcast

Please subscribe via Apple Podcasts , Spotify , YouTube Music , Amazon Music , Pocket Casts , RSS , or just type "CISO Series Podcast" into your favorite podcast app.

What’s a great approach from a security vendor…

"My tactic and advice that I would give to sales teams is to make their customer champions of success within their organizations. If they’re able to do that, you win a customer and a relationship for life." - Justin Somaini, partner, YL Ventures.

Should Deny By Default Be the Cornerstone of Zero Trust?

"The first thing is assessing what's in the environment. So, that itself is a scary thought. I mean, one of the things that I find very interesting is when we work with customers, when we deploy an agent, when we catalog what's in their environment, there are always surprises. There are always things running on their machines that they had no idea was there." - Rob Allen, chief product officer, ThreatLocker.

Listen to full episode of "Should Deny By Default Be the Cornerstone of Zero Trust?"

Subscribe to our newsletters on LinkedIn!

We've got our bi-weekly and daily?Cyber Security Headlines?newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!

CISO Series Newsletter ?- Twice every week

Cyber Security Headlines Newsletter ?- Every weekday

LIVE! Cyber Security Headlines - Week in Review

Make sure you?register on YouTube ?to join the LIVE "Week In Review" this Friday for?Cyber?Security?Headlines?with?CISO Series?reporter Richard Stroffolino .?We do it this and every Friday at 3:30 PM ET/12:30 PM PT?for a short 20-minute discussion of the week's cyber news. Our guest will be Edwin Covert , head of cyber risk engineering, Bowhead Specialty . Thanks ThreatLocker .

Thanks to our Cyber Security Headlines?sponsor, ThreatLocker

Join us THIS Friday [08-16-24], for "Hacking the Demo"

Join us Friday, August 16, 2024, for?“Hacking the Demo: An hour of critical thinking about how to be pitch perfect.”

It all begins at 1 PM ET/10 AM PT on Friday, August 16, 2024?with guests Howard Holton , CTO and industry analyst, GigaOm and Tom Hollingsworth , organizer and networking analyst, Tech Field Day .?We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.

>> Register <<

Join CISO Series Podcast LIVE in Seattle (08-21-24)

We're going to Seattle!

It'll be our first time ever producing a live recording of CISO Series Podcast in that beautiful city.

We'll be the closing entertainment on the first day of the National Cybersecurity Alliance 's Convene conference happening August 21-22nd, 2024 at the Rosehill Community Center in Mukilteo, WA, just outside of Seattle. Convene is a conference all about security awareness designed for security awareness professionals. And I believe this will be our fifth appearance at one of their events!

Joining me on stage for our recording will be Nicole Darden Ford , svp and CISO for Nordstrom and Varsha Agarwal , head of information security for Prosper Marketplace .

Watch the video for a preview of our recording and the event.

If you work in the security awareness industry, this is a must attend conference. Be sure to register by going?here and use our 15 percent discount code: Convene15.

KnowBe4 , Proofpoint , and Vanta

HUGE thanks to our three sponsors, KnowBe4, Proofpoint, and Vanta

Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at?cisoseries.com .

Interested in sponsorship,?contact me,? David Spark .