
Making Information Security a Company-Wide Priority


15 July, 2021

Ishan Agrawal

CTO at Funding Societies

Ishan Agrawal, CTO at Funding Societies, seeks to protect his company from security threats from all angles.

Problem

Information security is only becoming more and more relevant for every type of company. Let’s say that my Netflix account gets compromised. Sure, I’ll be pissed, but what would make me even more pissed would be if my bank account had been compromised as well.

You need to be aware of the different levels of data sensitivity in a Fin-Tech business. What pieces of information do consumers care most about? That’s one of the basics in data security and privacy.

From another angle, Fin-Tech in the healthcare industry will most likely be regulated by a third party. You’re dealing directly with regulators in whatever market you happen to be in, not the consumers alone. You’re liable to legal penalties and so on, including fines. As a CTO, that’s one aspect that cannot be ignored. It will end up falling on you if you do so.

Actions taken

I went through this journey myself; I didn’t have a lot of experience in the area before. I had to do a lot of self-learning about technology risk and compliance. These are not things that you will learn at any engineering school. What you’re used to is all very technical. This involves regulations and processes. It can seem very dry and a little bit annoying as well, but it’s actually quite interesting. First, you have to build that appreciation by spending time self-learning. It’s different for different people.

Within your own company, you need to build a strong culture of information security. This involves bringing in the right people who can help you build that culture. If a new developer is writing code, they have to be aware of what’s going on with it, because, at the end of the day, somebody is going to be using it. There may be a time when the product is usable but still vulnerable and rife with security issues. That brings an educational dimension into the equation as you teach your team why these things are important. Once you start building that culture and introducing that aspect into your processes, your developers will also start picking it up and start to learn the same lessons.

There are plenty of ways to make these things accessible. You can share articles and technology talks. You can expose your developers to courses that they can take, as well. If I spend a lot of time on that, it helps everybody to prepare for regulatory issues before they come up. I don’t think that enough companies do this. That’s why you see all of these security stories in the news every other day.

The other thing involves metrics. Knowing what is going on is an advantage. As you start to build your team, they will produce these metrics for you. You want to be able to catch issues as early in the life cycle as possible. The later you catch an issue, the more costly it becomes. You will need to pay to fix it and you will inevitably end up losing business. You need to start keeping track of where you find issues consistently. This will help you spot them earlier and earlier.

Lessons learned

  • You need to understand the business that you’re in. Over time, it’s going to become more and more important. Build this culture early on. The longer you wait, the exponentially more difficult it becomes to solve the problem.
  • When you hire engineers, you need to make sure that you’re asking security-focused questions.
  • Make sure that you build general awareness of security outside of your engineering team, as well. Attackers can target any part of the company, including your most vulnerable departments.
  • This is always an ongoing process as you hire new people. You will be able to see the culture change slowly all of the time. When people are aware, they will ask the right questions. It just starts cascading down. Things will only improve as you continue to invest.
