Proactive Security Is the New Black: Lessons from the Trenches of Building a Security Product

On this week’s episode of Security Nation, we had the pleasure of speaking with Alex Kreilein, CISO for RapidDeploy, a back-end SaaS service for 911 and emergency communication systems. Prior to this, Alex ran a small investment fund for cybersecurity startups. He also had his own company called SecureSet, which was the country’s first cybersecurity boot camp.

Here is our recap of the podcast:


Focus on prevention, not reaction

In Alex’s time as an investor, he and his team looked at companies that were focused on preventative security. In his view, having to do defensive security means you just didn’t do your job: if an alert pops up, something wasn’t done properly, and that is what let someone nefarious get somewhere they shouldn’t be. Unfortunately, most security pros have given up because they’ve been told that proactive security is impossible and a losing battle. While that may be true, to say you’ve lost before you ever got started is a defeatist mentality.


To address this, Alex and his team at RapidDeploy (no relation to Rapid7) are working on configuration patch and vulnerability remediation management, two things many security teams brush off as “boring” or something they “don’t believe in.” With their cloud-native solution, they’ve taken the NIST 800-53 compliance controls and put them in a system security plan written in code, which lets them machine-read and version-control it. Having everything machine-readable does a few things. The first is that they can take the 159 NIST 800-53 controls and run almost all of them (140) through Terraform, writing the controls as checks in a CI/CD (continuous integration/continuous deployment) framework.
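To make the compliance-as-code idea concrete, here is an added example (not RapidDeploy’s code, and not the format of their system security plan) that keeps a small machine-readable control list next to the infrastructure and evaluates it in CI against a Terraform plan. The control file format is hypothetical; the plan structure follows the real `terraform show -json` output (`planned_values.root_module.resources`, each with `type`, `address` and `values`). Both inputs are constructed inline so the script runs offline; control IDs SC-28, AU-2 and PE-3 are real NIST 800-53 identifiers, but the checks attached to them are illustrative.

```python
"""Compliance-as-code CI gate: evaluate machine-readable control definitions
against a `terraform show -json` plan. Added example, not project code."""
import json
from dataclasses import dataclass

# Constructed, version-controllable "system security plan" fragment.
# The format is hypothetical. Controls with a "check" are automated;
# controls without one must be satisfied by manual evidence.
SSP_JSON = """
{
  "system": "example-dispatch-backend",
  "controls": [
    {"id": "SC-28", "title": "Protection of Information at Rest",
     "check": {"resource_type": "aws_ebs_volume",
               "attribute": "encrypted", "expected": true}},
    {"id": "AU-2", "title": "Event Logging",
     "check": {"resource_type": "aws_cloudtrail",
               "attribute": "enable_logging", "expected": true}},
    {"id": "PE-3", "title": "Physical Access Control"}
  ]
}
"""

# Constructed plan export in the shape terraform produces. One volume is
# unencrypted on purpose so the gate has something to fail on.
PLAN_JSON = """
{
  "planned_values": {
    "root_module": {
      "resources": [
        {"address": "aws_ebs_volume.data", "type": "aws_ebs_volume",
         "values": {"encrypted": true, "size": 100}},
        {"address": "aws_ebs_volume.scratch", "type": "aws_ebs_volume",
         "values": {"encrypted": false, "size": 20}},
        {"address": "aws_cloudtrail.main", "type": "aws_cloudtrail",
         "values": {"enable_logging": true}}
      ]
    }
  }
}
"""


@dataclass
class Finding:
    control_id: str
    status: str   # "pass", "fail" or "manual"
    detail: str


def plan_resources(plan):
    """Collect every planned resource, descending into child modules."""
    def walk(module):
        for res in module.get("resources", []):
            yield res
        for child in module.get("child_modules", []):
            yield from walk(child)
    return list(walk(plan["planned_values"]["root_module"]))


def evaluate(ssp, plan):
    """Return one Finding per control in the plan file."""
    resources = plan_resources(plan)
    findings = []
    for ctl in ssp["controls"]:
        check = ctl.get("check")
        if check is None:
            findings.append(Finding(ctl["id"], "manual",
                                    "no automated check; needs manual evidence"))
            continue
        matching = [r for r in resources if r["type"] == check["resource_type"]]
        if not matching:
            findings.append(Finding(ctl["id"], "fail",
                                    f"no {check['resource_type']} resource in plan"))
            continue
        # A control fails if any governed resource misses the expected setting.
        bad = [r["address"] for r in matching
               if r.get("values", {}).get(check["attribute"]) != check["expected"]]
        if bad:
            findings.append(Finding(ctl["id"], "fail",
                                    f"{check['attribute']} != {check['expected']!r} on {', '.join(bad)}"))
        else:
            findings.append(Finding(ctl["id"], "pass",
                                    f"{len(matching)} resource(s) compliant"))
    return findings


def ci_gate(findings):
    """True when the pipeline may proceed: no automated control failed."""
    return not any(f.status == "fail" for f in findings)


def automation_coverage(ssp):
    """Fraction of controls that have an automated check attached."""
    controls = ssp["controls"]
    return sum(1 for c in controls if "check" in c) / len(controls)


def load_example():
    return json.loads(SSP_JSON), json.loads(PLAN_JSON)


def run_example():
    ssp, plan = load_example()
    findings = evaluate(ssp, plan)
    for f in findings:
        print(f"{f.control_id:6} {f.status:6} {f.detail}")
    print(f"automation coverage: {automation_coverage(ssp):.0%}, "
          f"gate: {'PASS' if ci_gate(findings) else 'FAIL'}")
    return findings


if __name__ == "__main__":
    run_example()
```

In a pipeline the plan file would come from `terraform plan -out=tfplan && terraform show -json tfplan`, and a non-zero exit from the gate blocks the merge. The point is the one the paragraph makes: because the control list is data in the repository, a change to a control is a reviewed, versioned diff, and the coverage figure (how many controls are actually enforced by code versus left to manual evidence) is computed rather than estimated.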


Let’s use a pas ..