Watch Now

Show Notes

In this episode of the Hacker Valley Studio podcast, Ron and Chris are joined by Chris Castaldo, Chief Information Security Officer at Crossbeam and author of Start-Up Secure: Baking Cybersecurity into Your Company from Founding to Exit. Throughout his career, Chris noticed that the same cybersecurity related problems surface but there are many different ways to solve them.

Chris has always been passionate about startups and has plans to one day start his own company. While going through lists of top 10 books for startups and entrepreneurs he didn’t find any that mentioned how to do cybersecurity at a startup. This a significant gap for startups, not baking in cybersecurity early results in expensive rework 4-10 years after the startup is founded. This led to Chris writing Startup Secure - his goal was to create a guide and methodology for startup founders to avoid the expensive mistake of not baking cybersecurity into the startup in the beginning.

As the episode progresses, Chris highlights the difference in challenges for startups that are B2B (Business-to-Business) vs B2C (Business-to-Consumer). Cybersecurity startups must weigh the risks of building a product and building a secure company. It’s easier to implement all of the security controls offered by a solution when the startup is 20 employees or less because there is less impact on users and business functions. When cybersecurity startups are selling to organizations with cybersecurity teams, the startup is asked tough questions. For example:

  • What is your vendor review process?
  • Is your startup leveraging cloud security controls?
  • What is your privacy policy?

 

As a cybersecurity professional, Chris emphases the importance of networking with other professionals. There is an increase in virtual conferences and adoption of LinkedIn. Asking questions to the leaders in the field and providing mentorship to others both provide a significant impact while cultivating your career. Chris also highlights the importance of following up on conversations to build relationships and securing opportunities. 

When transitioning from engineer to CISO, Chris found that being intentional and purposeful with his time was impactful in his transition. He developed these skills by reading books about stoicism. He found that focusing on “the right thing to do” was tough because of constant distractions but being purposeful was the solution to distraction. Instead of focusing on all the things that were on his plate he would break down his goals into smaller chunks and give them his undivided attention for a specific amount of time.

 

Moments During This Podcast:

0:00 - Intro

1:57 - Chris Castaldo on Hacker Valley Studio Podcast

2:47 - Chris’ start in cybersecurity as a red team member

3:50 - Why did Chris write his book Startup Secure

6:58 - Challenges of implementing cybersecurity at a startup

9:56 - What excites Chris about cybersecurity

13:35 - How do you immerse yourself in learning about cybersecurity?

17:33 - Surprises when transitioning from engineer to CISO

22:43 - Core tenants of solving hard problems

25:53 - Protecting the crown jewels at an organization during a breach

33:38 - Advice on sharing knowledge with the world

 

Links:

Pre-order Start-Up Secure: Baking Cybersecurity into Your Company from Founding to Exit

Learn more about Chris Castaldo and connect with him on LinkedIn.

Learn more about Hacker Valley Studio.

Support Hacker Valley Studio on Patreon.

Follow Hacker Valley Studio on Twitter.

Follow hosts Ron Eddings and Chris Cochran on Twitter.

Learn more about our sponsor ByteChek.

Recent Episodes

Nov 12, 2024

From Shadow IT to Full Asset Visibility with Wes Wright

Can you truly protect what you can't see? Wes Wright, Chief Healthcare Officer at Ordr, joins Ron to share how organizations can shine a light on their network and asset blind spots and take ...

Nov 6, 2024

Building Opportunities for Women and Minorities in Cybersecurity ...

How do you create waves of change in an industry? Connie Matthews, Founder and CEO of ReynCon, speaks with Ron about the power of resilience, mentorship, and taking that first bold step in ...

Oct 29, 2024

Rethinking Cybersecurity Hiring with Naomi Buckwalter

Is cybersecurity gatekeeping holding back the industry? Naomi Buckwalter, Senior Director of Product Security at Contrast Security and Founder of the Cybersecurity Gatebreakers Foundation, ...

Oct 22, 2024

AI, Deepfakes, and Human Risk in Cybersecurity with Perry Carpenter

In a world filled with AI-generated deceptions, how do we discern what’s real? Ron sits down with Perry Carpenter, author of FAIK: A Practical Guide to Living in a World of Deepfakes, ...

Oct 15, 2024

How to Become a True Security Leader with Nathan Case

How does one become a true security leader? According to Nathan Case, it’s not about titles—it’s about impact.  In this episode, Nathan Case, VP of Cloud Security at Clarity, shares his journey ...

Oct 8, 2024

AI and the Future of Cyber Defense with John Hubbard

How can AI shape the future of cybersecurity defense? In this episode, we dive into SOC operations, AI integration, and the latest in threat detection with John Hubbard, Cyber Defense Curriculum ...

Oct 1, 2024

How Adversaries Are Living Off The Dark Web with Jason Haddix

Have you ever lost something important, only to find out someone moved it without telling you? The same thing happens with our personal and business data. But what if you could see what the ...

Sep 24, 2024

AT&T Dynamic Defense: Security Before It Reaches Your Company's ...

In this episode, Ron Eddings and Jen Langdon speak with Senthil Ramakrishnan, Assistant Vice President of Cybersecurity Product at AT&T Business. Senthil shares information about how a new ...

Sep 17, 2024

Soft Skills in Technical Sales to Connect and Sell More with ...

Technical skills open doors, but are soft skills sealing the deal? In this episode, Evgeniy Kharam reveals how communication and connection lead to success in technical sales.    From ...

Sep 10, 2024

Recon Like An Adversary: Uncovering Modern Techniques in Attack ...

Ever wondered how the best defenders become unstoppable? They think like the attackers. In this episode with Jason Haddix, we reveal the strategies hackers don’t want you to know about and show ...

WORK WITH US

PODCASTS + SPEAKING + EVENTS

Are you the best kept secret in cybersecurity? Let's change that by partnering together for podcast ads, social campaigns, and your next event or keynote. Send us your details to get started.