Show Notes
In this episode of the Hacker Valley Studio podcast, Ron and Chris are joined by Chris Castaldo, Chief Information Security Officer at Crossbeam and author of Start-Up Secure: Baking Cybersecurity into Your Company from Founding to Exit. Throughout his career, Chris noticed that the same cybersecurity related problems surface but there are many different ways to solve them.
Chris has always been passionate about startups and has plans to one day start his own company. While going through lists of top 10 books for startups and entrepreneurs he didn’t find any that mentioned how to do cybersecurity at a startup. This a significant gap for startups, not baking in cybersecurity early results in expensive rework 4-10 years after the startup is founded. This led to Chris writing Startup Secure - his goal was to create a guide and methodology for startup founders to avoid the expensive mistake of not baking cybersecurity into the startup in the beginning.
As the episode progresses, Chris highlights the difference in challenges for startups that are B2B (Business-to-Business) vs B2C (Business-to-Consumer). Cybersecurity startups must weigh the risks of building a product and building a secure company. It’s easier to implement all of the security controls offered by a solution when the startup is 20 employees or less because there is less impact on users and business functions. When cybersecurity startups are selling to organizations with cybersecurity teams, the startup is asked tough questions. For example:
- What is your vendor review process?
- Is your startup leveraging cloud security controls?
- What is your privacy policy?
As a cybersecurity professional, Chris emphases the importance of networking with other professionals. There is an increase in virtual conferences and adoption of LinkedIn. Asking questions to the leaders in the field and providing mentorship to others both provide a significant impact while cultivating your career. Chris also highlights the importance of following up on conversations to build relationships and securing opportunities.
When transitioning from engineer to CISO, Chris found that being intentional and purposeful with his time was impactful in his transition. He developed these skills by reading books about stoicism. He found that focusing on “the right thing to do” was tough because of constant distractions but being purposeful was the solution to distraction. Instead of focusing on all the things that were on his plate he would break down his goals into smaller chunks and give them his undivided attention for a specific amount of time.
Moments During This Podcast:
0:00 - Intro
1:57 - Chris Castaldo on Hacker Valley Studio Podcast
2:47 - Chris’ start in cybersecurity as a red team member
3:50 - Why did Chris write his book Startup Secure
6:58 - Challenges of implementing cybersecurity at a startup
9:56 - What excites Chris about cybersecurity
13:35 - How do you immerse yourself in learning about cybersecurity?
17:33 - Surprises when transitioning from engineer to CISO
22:43 - Core tenants of solving hard problems
25:53 - Protecting the crown jewels at an organization during a breach
33:38 - Advice on sharing knowledge with the world
Links:
Pre-order Start-Up Secure: Baking Cybersecurity into Your Company from Founding to Exit
Learn more about Chris Castaldo and connect with him on LinkedIn.
Learn more about Hacker Valley Studio.
Support Hacker Valley Studio on Patreon.
Follow Hacker Valley Studio on Twitter.
Follow hosts Ron Eddings and Chris Cochran on Twitter.
Learn more about our sponsor ByteChek.
Recent Episodes
Turning AI Into Your Super Tool with Ron Eddings
AI is neither friend nor foe, it’s both. The way we choose to use it determines whether it helps or harms. In this solo episode, Ron Eddings shares lessons from his first job at a grocery store, ...
Mentorship to Mastery: AI and Community Lessons with Ron Eddings
AI might analyze your logs in seconds, but only the community can put you in the room that changes your career. In this solo episode, Ron Eddings discusses the powerful balance between human ...
From MCP Risks to AI Jailbreaks with Marco Figueroa
When AI agents move faster than security teams, the game changes, and the risks multiply. Ron welcomes back Marco “Mystic Marc” Figueroa, Program Manager at Mozilla’s 0DIN Program, to continue ...
Debt vs. Risk: What the SharePoint Breach Taught Us with Ron ...
The riskiest move in cybersecurity? Playing it too safe. In this solo episode, Ron Eddings redefines the way we think about technical debt, risk, and missed opportunities, in security and in ...
The Future of Cyber Talent Is African with Confidence Staveley
The world’s youngest continent is also its most untapped resource. Confidence Staveley, Founder of CyberSafe, makes a powerful case for why Africa’s youth are the answer to global cybersecurity ...
Compliance Isn’t the Enemy with Jeff Man
Is compliance just a checkbox, or the backbone of real security? Returning to the show with decades of hard-earned insight, Jeff Man makes the case that compliance, especially PCI-DSS, isn't ...
What Makes a Great CISO? A Playbook from Gary Hayslip
What separates a great CISO from a great one? In this powerhouse conversation, Ron invites friend and cybersecurity leader Gary Hayslip, CISO at SoftBank Investment Advisers, back on the mic to ...
Confidence, Coaching, and the S-Word with Mel Reyes
Want to stand out as a leader? According to our guest Mel Reyes, you need to dress like you mean it and speak like you’ve got nothing to prove. In this episode, Mel shares how he built ...
Purple Teaming Is the New Job Security with Maril Vernon
Cybersecurity isn’t just red or blue anymore... it’s purple, white, and deeply human. Maril Vernon, award-winning ethical hacker and Senior Solutions Architect at NetSPI, returns to the Hacker ...
The AI Gold Rush in Cybersecurity with Chris Cochran
The new cybersecurity pioneers aren’t chasing alerts, they’re building with AI. But what happens when tools meant to assist begin making decisions for us? And what skills do we lose when ...
WORK WITH US
PODCASTS + SPEAKING + EVENTS
Are you the best kept secret in cybersecurity? Let's change that by partnering together for podcast ads, social campaigns, and your next event or keynote. Send us your details to get started.
Thank you!
We will be in touch soon and reach out to you at