💡 Guest: Kathy Wang, Chief Security Officer at Discord
💡 Noteworthy: Kathy is a security executive and leader with a strong background in project management, research, and business development. She has worked in government, commercial, and technology startup environments and currently advises startups that offer security services/products.
⚡ The importance of access control in security. Improving access control is one of the best ways to prevent potential security problems. Kathy says, “If I think about this from a security perspective, and you look at it from a public cloud SaaS environment perspective, there are so many organizations right now where there are far too many people who have more access than they need in production environments. And so we’re always looking for ways to understand, audit, and reduce all of those accesses, and this is super important for improving security posture because if you can’t control or understand what access people have, then you’ve got all sorts of problems like insider threat as well as takeover or breach type of issues.”
⚡ Security is a hard sell. Even though the number of cyber threats increases every year, security is still hard to sell. Kathy explains, “GitLab was even less of a security product company. They’ve built security features and security capabilities, which I was super happy to help contribute to from a CSO perspective, as in, ‘Would I use this; would I buy this?’ However, it’s not the same thing as talking to customers constantly about, ‘Hey, we’ve detected this for you. What do you think?’ And then getting a response, ‘You know what? Yeah, it’s true. You did, but I’m not sure I want to pay for that kind of detection, though.’ This is exactly what makes security such a hard sell. You could be accurate. You could be technically good, but what is that other factor that will make people want to spend money on the product? That’s hard.”
⚡ Think outside the box when building your security teams. The key to building highly effective security teams is to differentiate yourself. Kathy says, “Building security teams is not an easy thing to do, as you know, and we’re always competing for talent with a whole bunch of other companies. So what can you do to really differentiate yourself? One of the things I learned is that you can actually go looking for talent outside of the normal pools of talent that people look for. And GitLab was really great for reinforcing that.”