Advisory Only
You have a team, but you and your team need context and help getting mentally ready to address the work.
- Time frame: 2-3 months
- Engagement: Weekly or Bi-weekly calls
- Summary: Weekly calls, background research (not visible to your team), bottom-up review of existing code, tools, patterns and stack components. Good for the CEO who needs background before dealing with the board, investors or internal leadership.
Advisory + Execution
When you need hands-on help to get the job done, to talk to outside cybersecurity experts, and to keep the work from overloading your team.
- Time frame: 2-3 months
- Engagement: Weekly Tasks
My Value Proposition
There is no silver bullet for building trust into your team, but there are approaches that work. Here are some of the patterns I have seen, and the techniques I use to address them.
Area | Observed | Solution
---|---|---
Timeline | When a founding team is heads down and building, thinking about and planning for cyber prep is hard. | "Context is KING." A fractional CTO/CISO can help bridge the gap when tech challenges need a resource to change mindsets.
Roadmap | Founding teams put off SOC2 because the workload is unknown and its impact on their roadmap is impossible to balance. | Don't flood your roadmap; work smarter, and do the cyber prep that matches your actual stage of funding, sales and build.
Mental | SOC2 and cyber prep put stress on teams: tickets added to sprints, work for IT, and training for everyone else. | Getting to SOC2 can seem to be the goal. The real goal is getting the value from SOC2. Reports are good. Trust is better.
Risks | Not preparing is a risk. The first big hack can put C-level careers at risk. | Everyone in a company needs to understand the value of security, but C-levels need to know, deeply, how to build those core values into their teams.
Some References
CEO of Augusta Care
"Stephan has been helping us figure out how we should get to SOC2 compliance within a reasonable budget. He looked at our tech stack and gave us practical recommendations on how it should evolve over time. I'm looking forward to working with him again."
COO of Phoenix Tailings
"Stephan worked with our team as we started to scale up and address security requirements. He assisted in our selection of security frameworks that matched our unique funding, IP, and cyber-security needs. His startup experience provided us with options that matched our stage and immediate concerns. We hope to tap into his experience when our security requirements change."
Solutions Architect at Brytebridge
"We pulled in Stephan to build out our tech stack and API. He executed in record time, provided our front end teams with Just-in-Time API resources as we decided on email providers, payment gateways, hosting and storage options on AWS. He takes a very practical approach to solutions. He gave us both working solutions, as well as best practices for API route testing, JWT token security and a framework that we can hand off to a team to extend. He helped our team go from idea to revenue in 4 weeks. Zero to MVP in record time!"
TL;DR
The best metaphor for SOC2 is a college class. You need this one class to graduate. You have put off taking it because it is known to be grueling and legendary for the amount of reading. You have skipped all the lectures, so you cannot cram for it. You will value the knowledge, but it feels like a slog, like a tax that gives no value.
Basically, it's hard to work smart.
References from past and current clients are available, after an initial screening call. Client data and relationships are all covered by NDAs. No leaks.