Infosec for startups - Overview

Key topics on Infosec for startups

  • One of the harder jobs in security is being the first security person at a startup: startups typically have many types of security problems, and you can’t expect one person to cover all of those fields.
  • When evaluating security consultants, consider the breadth of services offered and the billing model used.
  • One way to describe the SOC2 standard in the fewest words is: do you do what you say, and do you say what you do?
  • Seven best practices to pass SOC2 are defined in LVH’s blog post, The SOC 2 Starting Seven.
  • The Crypto 101 e-book is an introduction to cryptography basics for application developers.
  • When choosing a programming language to solve a given problem, it’s important to use the right tool for the job.

Infosec for startups - Introduction

Ben: Welcome to Access Control, a podcast providing practical security advice for startups, advice from people who’ve been there. Each episode we’ll interview a leader in their field and learn best practices and practical tips for securing your org. For today’s episode, I’ll be talking to LVH. LVH is a principal and co-founder of Latacora. Latacora is a security consultancy that’s focused on creating security practice and maturating in-house capabilities. Teleport has been partnering with Latacora for a number of years and we’ve found that they’re valuable as we’ve grown. I was fortunate enough to work in the same office as LVH during my time at Rackspace. Along with enjoying LVH’s hack day projects, I always learned a lot about new security and encryption technologies. LVH, thanks for joining us today.

LVH: Thanks for having me.

Ben: To kick things off, can you tell me what it means to have a security practice in a startup?

LVH: Great question. So I think one of the original challenges that we saw when we started Latacora is that there were lots of startups who were trying to do security things. For many of them, that might mean — I’m going to go get a pen test, right? For many of them, unfortunately, they’ll look at that pen test and the impact on security for that company if you go look a year later. It’s not necessarily that valuable...
