Plato Elevate Winter Summit has been announced (Dec 7th-8th)

🔥

Back to resources

Making Information Security a Company-Wide Priority

Alignment
Convincing

15 July, 2021

Ishan Agrawal
Ishan Agrawal

CTO at Funding Societies

Ishan Agrawal, CTO at Funding Societies, seeks to protect his company from security threats from all angles.

Problem

Information security is only becoming more and more relevant for every type of company. Let’s say that my Netflix account gets compromised. Sure, I’ll be pissed, but what would make me even more pissed would be if my bank account has been compromised, as well.

You need to be aware of the different levels of data sensitivity in a Fin-Tech business. What pieces of information do consumers care most about? That’s one of the basics in data security and privacy.

From another angle, Fin-Tech in the healthcare industry will most likely be regulated by a third party. You’re dealing directly with regulators in whatever market you happen to be in, not the consumers alone. You’re liable to legal penalties and so on, including fines. As a CTO, that’s one aspect that cannot be ignored. It will end up falling on you if you do so.

Actions taken

I went through this journey myself; I didn’t have a lot of experience in the area before. I had to do a lot of self-learning about technology risk and compliance. These things are nothing that you will learn at any engineering school. What you’re used to is all very technical. This involves regulations processes. It can seem very dry and a little bit annoying as well, but it’s actually quite interesting. First, you have to build that appreciation by spending time self-learning. It’s different for different people.

Within your own company, you need to build a strong culture of information security. This involves bringing in the right people who can help you build that culture. If a new developer is writing code, they have to be aware of what’s going on with it, because, at the end of the day, somebody is going to be using it. There may be a time where the product is usable but still vulnerable and rife with security issues. That brings in an educational dimension to the equation as you teach your team why these things are important. Once you start building that culture and introducing that aspect into your processes, your developers will also start picking it up and start to learn the same lessons.

There are plenty of ways to make these things accessible. You can share articles and technology talks. You can expose your developers to courses that they can take, as well. If I spend a lot of time on that, it helps everybody to prepare for regulatory issues before they come up. I don’t think that enough companies do this. That’s why you see all of these security stories in the news every other day.

The other thing involves metrics. Knowing what is going on is an advantage. As you start to build your team, they will produce these metrics for you. You want to be able to catch issues as early on in the life cycle as possible. The later that you catch it, the more costly it becomes. You will need to pay to fix it and you will inevitably end up losing business. You need to start keeping track of where you find issues consistently. This will help you spot them earlier and earlier.

Lessons learned

  • You need to understand the business that you’re in. Over time, it’s going to become more and more important. Build this culture early on. The later you wait, the more exponentially difficult it becomes to solve the problem.
  • When you hire engineers, you need to make sure that you’re asking security-focused questions.
  • Make sure that you build general awareness of security outside of your engineering team, as well. Attackers can target any part of the company, including your most vulnerable departments.
  • This is always an ongoing process as you hire new people. You will be able to see the culture change slowly all of the time. When people are aware, they will ask the right questions. It just starts cascading down. Things will only improve as you continue to invest.

Discover Plato

Scale your coaching effort for your engineering and product teams
Develop yourself to become a stronger engineering / product leader


Related stories

Preparing Your Team for the Remote Workplace

29 November

Vadim Antonov, Engineering Manager at Meta, dictates how he brought a brand new team into the remote learning process by ramping up onboarding and creating a mentor system.

Alignment
Remote
Internal Communication
Coaching / Training / Mentorship
Data Team
Cross-Functional Collaboration
Vadim Antonov

Vadim Antonov

Engineering Manager at Facebook

How to Strengthen Your Team Pitch

29 November

Vadim Antonov, Engineering Manager at Meta, details his journey to improve his personal hiring process and team pitch.

Alignment
Personal Growth
Hiring
Coaching / Training / Mentorship
Changing Company
Vadim Antonov

Vadim Antonov

Engineering Manager at Facebook

Improving Team Execution in a Remote Environment

29 November

Vadim Antonov, Engineering Manager at Meta, details his process of implementing an organized execution system for his cross-functional team.

Alignment
Remote
Leadership
Delegate
Feedback
Vadim Antonov

Vadim Antonov

Engineering Manager at Facebook

Building trust as a new Manager

23 November

Neelima Annam, Sr Director Information Technology at Outmatch, shares her insight into her growth path of evolving her management style to build trust.

Alignment
Personal Growth
Conflict Solving
Coaching / Training / Mentorship
New Manager
Neelima Annam

Neelima Annam

Sr. Director Information Technology at Outmatch HCM

Building a Long-Lasting Career Infrastructure Using Ikigai Principles

16 November

Albert Lie, former Founding Engineer and Tech Lead at Xendit, shares his annual performance review process implementing principles from the Ikigai framework into regular check-ins.

Alignment
Scaling Team
Personal Growth
Meetings
Motivation
Albert Lie

Albert Lie

Former Tech Lead at Xendit

You're a great engineer.
Become a great engineering leader.

Plato (platohq.com) is the world's biggest mentorship platform for engineering managers & product managers. We've curated a community of mentors who are the tech industry's best engineering & product leaders from companies like Facebook, Lyft, Slack, Airbnb, Gusto, and more.