Startup Security: Starting a Security Program at a Startup - AppSecCali 2019

Explore strategies for introducing and managing security at startups in this 50-minute conference talk from AppSecCali 2019. Gain insights into the unique challenges of implementing security measures in fast-paced, high-risk-tolerance environments. Learn how to successfully integrate a security team within a startup, prioritize security initiatives, and navigate the quirks and ambiguities of young companies. Discover practical approaches to security engineering, incident response, compliance, and workplace security tailored for startup environments. Understand the importance of basic incident response plans and how to address challenges faced by distributed teams. Benefit from the speaker's experience at Cloudflare and acquire key takeaways for building an effective security program from the ground up in a startup setting.

Intro
Who am I
CloudFlare
What is this talk
What is a security team
Security at a SAS business
Growth and innovation
Security at startups
How to join a startup
How to bring security to a startup
What are your priorities
Playbook
Security Engineering
Detection Response
Compliance
Workplace security
AWS key management
Key takeaways
Do we have suck
Basic incident response plan
Challenges of distributed teams