Watch Now

Show Notes

In this episode of the Hacker Valley Studio podcast, Ron and Chris are joined by Chris Castaldo, Chief Information Security Officer at Crossbeam and author of Start-Up Secure: Baking Cybersecurity into Your Company from Founding to Exit. Throughout his career, Chris noticed that the same cybersecurity related problems surface but there are many different ways to solve them.

Chris has always been passionate about startups and has plans to one day start his own company. While going through lists of top 10 books for startups and entrepreneurs he didn’t find any that mentioned how to do cybersecurity at a startup. This a significant gap for startups, not baking in cybersecurity early results in expensive rework 4-10 years after the startup is founded. This led to Chris writing Startup Secure - his goal was to create a guide and methodology for startup founders to avoid the expensive mistake of not baking cybersecurity into the startup in the beginning.

As the episode progresses, Chris highlights the difference in challenges for startups that are B2B (Business-to-Business) vs B2C (Business-to-Consumer). Cybersecurity startups must weigh the risks of building a product and building a secure company. It’s easier to implement all of the security controls offered by a solution when the startup is 20 employees or less because there is less impact on users and business functions. When cybersecurity startups are selling to organizations with cybersecurity teams, the startup is asked tough questions. For example:

  • What is your vendor review process?
  • Is your startup leveraging cloud security controls?
  • What is your privacy policy?

 

As a cybersecurity professional, Chris emphases the importance of networking with other professionals. There is an increase in virtual conferences and adoption of LinkedIn. Asking questions to the leaders in the field and providing mentorship to others both provide a significant impact while cultivating your career. Chris also highlights the importance of following up on conversations to build relationships and securing opportunities. 

When transitioning from engineer to CISO, Chris found that being intentional and purposeful with his time was impactful in his transition. He developed these skills by reading books about stoicism. He found that focusing on “the right thing to do” was tough because of constant distractions but being purposeful was the solution to distraction. Instead of focusing on all the things that were on his plate he would break down his goals into smaller chunks and give them his undivided attention for a specific amount of time.

 

Moments During This Podcast:

0:00 - Intro

1:57 - Chris Castaldo on Hacker Valley Studio Podcast

2:47 - Chris’ start in cybersecurity as a red team member

3:50 - Why did Chris write his book Startup Secure

6:58 - Challenges of implementing cybersecurity at a startup

9:56 - What excites Chris about cybersecurity

13:35 - How do you immerse yourself in learning about cybersecurity?

17:33 - Surprises when transitioning from engineer to CISO

22:43 - Core tenants of solving hard problems

25:53 - Protecting the crown jewels at an organization during a breach

33:38 - Advice on sharing knowledge with the world

 

Links:

Pre-order Start-Up Secure: Baking Cybersecurity into Your Company from Founding to Exit

Learn more about Chris Castaldo and connect with him on LinkedIn.

Learn more about Hacker Valley Studio.

Support Hacker Valley Studio on Patreon.

Follow Hacker Valley Studio on Twitter.

Follow hosts Ron Eddings and Chris Cochran on Twitter.

Learn more about our sponsor ByteChek.

Recent Episodes

Aug 28, 2025

Turning AI Into Your Super Tool with Ron Eddings

AI is neither friend nor foe, it’s both. The way we choose to use it determines whether it helps or harms. In this solo episode, Ron Eddings shares lessons from his first job at a grocery store, ...

Aug 21, 2025

Mentorship to Mastery: AI and Community Lessons with Ron Eddings

AI might analyze your logs in seconds, but only the community can put you in the room that changes your career. In this solo episode, Ron Eddings discusses the powerful balance between human ...

Aug 14, 2025

From MCP Risks to AI Jailbreaks with Marco Figueroa

When AI agents move faster than security teams, the game changes, and the risks multiply. Ron welcomes back Marco “Mystic Marc” Figueroa, Program Manager at Mozilla’s 0DIN Program, to continue ...

Aug 7, 2025

Debt vs. Risk: What the SharePoint Breach Taught Us with Ron ...

The riskiest move in cybersecurity? Playing it too safe. In this solo episode, Ron Eddings redefines the way we think about technical debt, risk, and missed opportunities, in security and in ...

Jul 31, 2025

The Future of Cyber Talent Is African with Confidence Staveley

The world’s youngest continent is also its most untapped resource. Confidence Staveley, Founder of CyberSafe, makes a powerful case for why Africa’s youth are the answer to global cybersecurity ...

Jul 24, 2025

Compliance Isn’t the Enemy with Jeff Man

Is compliance just a checkbox, or the backbone of real security? Returning to the show with decades of hard-earned insight, Jeff Man makes the case that compliance, especially PCI-DSS, isn't ...

Jul 17, 2025

What Makes a Great CISO? A Playbook from Gary Hayslip

What separates a great CISO from a great one? In this powerhouse conversation, Ron invites friend and cybersecurity leader Gary Hayslip, CISO at SoftBank Investment Advisers, back on the mic to ...

Jul 10, 2025

Confidence, Coaching, and the S-Word with Mel Reyes

Want to stand out as a leader? According to our guest Mel Reyes, you need to dress like you mean it and speak like you’ve got nothing to prove. In this episode, Mel shares how he built ...

Jun 26, 2025

Purple Teaming Is the New Job Security with Maril Vernon

Cybersecurity isn’t just red or blue anymore... it’s purple, white, and deeply human. Maril Vernon, award-winning ethical hacker and Senior Solutions Architect at NetSPI, returns to the Hacker ...

Jun 19, 2025

The AI Gold Rush in Cybersecurity with Chris Cochran

The new cybersecurity pioneers aren’t chasing alerts, they’re building with AI. But what happens when tools meant to assist begin making decisions for us? And what skills do we lose when ...

WORK WITH US

PODCASTS + SPEAKING + EVENTS

Are you the best kept secret in cybersecurity? Let's change that by partnering together for podcast ads, social campaigns, and your next event or keynote. Send us your details to get started.