Show Notes
In this episode of the Hacker Valley Studio podcast, Ron and Chris are joined by Chris Castaldo, Chief Information Security Officer at Crossbeam and author of Start-Up Secure: Baking Cybersecurity into Your Company from Founding to Exit. Throughout his career, Chris noticed that the same cybersecurity related problems surface but there are many different ways to solve them.
Chris has always been passionate about startups and has plans to one day start his own company. While going through lists of top 10 books for startups and entrepreneurs he didn’t find any that mentioned how to do cybersecurity at a startup. This a significant gap for startups, not baking in cybersecurity early results in expensive rework 4-10 years after the startup is founded. This led to Chris writing Startup Secure - his goal was to create a guide and methodology for startup founders to avoid the expensive mistake of not baking cybersecurity into the startup in the beginning.
As the episode progresses, Chris highlights the difference in challenges for startups that are B2B (Business-to-Business) vs B2C (Business-to-Consumer). Cybersecurity startups must weigh the risks of building a product and building a secure company. It’s easier to implement all of the security controls offered by a solution when the startup is 20 employees or less because there is less impact on users and business functions. When cybersecurity startups are selling to organizations with cybersecurity teams, the startup is asked tough questions. For example:
- What is your vendor review process?
- Is your startup leveraging cloud security controls?
- What is your privacy policy?
As a cybersecurity professional, Chris emphases the importance of networking with other professionals. There is an increase in virtual conferences and adoption of LinkedIn. Asking questions to the leaders in the field and providing mentorship to others both provide a significant impact while cultivating your career. Chris also highlights the importance of following up on conversations to build relationships and securing opportunities.
When transitioning from engineer to CISO, Chris found that being intentional and purposeful with his time was impactful in his transition. He developed these skills by reading books about stoicism. He found that focusing on “the right thing to do” was tough because of constant distractions but being purposeful was the solution to distraction. Instead of focusing on all the things that were on his plate he would break down his goals into smaller chunks and give them his undivided attention for a specific amount of time.
Moments During This Podcast:
0:00 - Intro
1:57 - Chris Castaldo on Hacker Valley Studio Podcast
2:47 - Chris’ start in cybersecurity as a red team member
3:50 - Why did Chris write his book Startup Secure
6:58 - Challenges of implementing cybersecurity at a startup
9:56 - What excites Chris about cybersecurity
13:35 - How do you immerse yourself in learning about cybersecurity?
17:33 - Surprises when transitioning from engineer to CISO
22:43 - Core tenants of solving hard problems
25:53 - Protecting the crown jewels at an organization during a breach
33:38 - Advice on sharing knowledge with the world
Links:
Pre-order Start-Up Secure: Baking Cybersecurity into Your Company from Founding to Exit
Learn more about Chris Castaldo and connect with him on LinkedIn.
Learn more about Hacker Valley Studio.
Support Hacker Valley Studio on Patreon.
Follow Hacker Valley Studio on Twitter.
Follow hosts Ron Eddings and Chris Cochran on Twitter.
Learn more about our sponsor ByteChek.
Recent Episodes
Building Cyber Resilience Through Culture with David Shipley
What if fixing cybersecurity wasn’t about more tools, but about unlocking human potential? In this episode, Ron Eddings welcomes back David Shipley, CEO and Field CSO of Beauceron Security, for ...
Ditch the Spreadsheets: Smarter Crypto Security with Michael ...
Still tracking certificates in a spreadsheet? You’re not alone—and there’s a better way. In this special episode from RSA 2025, Ron sits down with Michael Klieman, Global Vice President of ...
Protecting People, Not Just Perimeters with Andrey Suzdaltsev
AI is reshaping the cybersecurity battlefield, and cyber adversaries are getting smarter. In this episode, Ron Eddings welcomes Andrey Suzdaltsev, Co-Founder and CEO of Brightside AI, for a look ...
Digital Clutter and the Death of Passwords with Collin Sweeney & ...
Passwords are the original digital clutter—messy, overstuffed, and way too easy to forget. Like a junk drawer full of old keys and cables, we keep tossing more into them, hoping they’ll somehow ...
What Most Cybersecurity Advice Misses—And How to Fix It with ...
What if the biggest threat to cybersecurity isn’t attackers—but the defenders themselves? Why are we still building tools for experts in a world where technical skills are fading fast? In this ...
Hackers Have HR Now? featuring Christopher Budd
The internet once came this close to crashing—and Microsoft was on the front line. In this episode, cybersecurity veteran Christopher Budd takes us inside the Microsoft Security Response Center ...
Staying Ahead in the Age of AI Agents with Marco Figueroa
Marco Figueroa is back, and his AI predictions aren’t just coming true—they’re unfolding faster than anyone expected. AI agents aren’t on the horizon—they’re already here, and security teams are ...
I Built an AI Version of Myself – Here’s Why with Marcus J. Carey
The best time to be alive is right now—if you know how to use AI. Marcus J. Carey, Principal Research Scientist at ReliaQuest, is harnessing AI to supercharge creativity, cybersecurity, and ...
Cyber Warfare, Digital Deception, and the Hidden Threats We Ignore ...
We’re already in World War III—just not the kind you’re thinking of. Cyber warfare is here, and the battlefield is your inbox, your bank account, and your digital identity. So why are we still ...
The AI Shift You Can’t Ignore with Marco Figueroa
AI isn’t just evolving—it’s sprinting, and cybersecurity needs to keep up. Ron Eddings is joined again by cybersecurity leader Marco Figueroa, Program Manager for Gen AI at the ODIN Bug Bounty ...
WORK WITH US
PODCASTS + SPEAKING + EVENTS
Are you the best kept secret in cybersecurity? Let's change that by partnering together for podcast ads, social campaigns, and your next event or keynote. Send us your details to get started.
Thank you!
We will be in touch soon and reach out to you at