Hack Your Company, a Drata Podcast
Drata’s first cybersecurity podcast, Hack Your Company, gets into the nitty gritty of what security looks like from the very people responsible for building it.
The cybersecurity industry is well acquainted with reducing attack surfaces, the increasingly blurred lines of our perimeters, and other miscellaneous buzzwords and phrases. Drata’s first podcast, Hack Your Company, gets into the nitty gritty of what security looks like from the very people building it: chief information security officers, information technology leaders, security practitioners, compliance experts, and many more.
Each episode poses the question: How would you hack your company?
Hosted by Drata’s CISO, Ross Hosman, each episode is centered around guests sharing insight (and trust hacks) as they take a step back and view their company from the outside in and their brand and reputation from the perspective of a prospective customer or client.
In coming episodes, listeners will hear everything from an unusual red teaming exercise that ended with a phone call to the police to how security practices change when working in the public and private sectors.
Episode Zero: The OG Episode
To kick things off, Ross and the security team set the stage for what’s to come by chatting about the series, the latest buzzwords, and how Drata takes a security-first approach that enables growth rather than slowing it down. This week, Ross is joined by:
Carmil Thelemarque, Security Engineer
Shannon Johnson, IT Engineer
Joshua Stuts, Manager of Information Security
Before inviting other guests, the OG episode, as Ross lovingly refers to it, gives you, the listener, an insider’s perspective of what it takes to secure a company in an industry ripe for targeted attacks and why building trust is critical to the success of the company.
Incorporating core values into your security team guides the way to building trust, even if it’s as simple as prioritizing doing the right thing.
“I think the other thing that we really try to instill into our security team and into our company is we will do the right thing, always. We will take and make smart risk-based decisions—right, we won’t take dumb risks. We will take smart risks and we will have those conversations,” said Hosman.
Ross comes to Drata with over a decade of cybersecurity experience, and over time he has learned the crucial element of what makes a solid security practice. Not everyone knows what it really boils down to or how to determine what to prioritize.
“You know, it always comes down to: we will protect our customers first, our employees second, and our business third, because without customers, we don’t have a business. Without employees to help those customers or build the product, we don’t have a business,” he explains in Episode Zero. “And so the business actually comes last when we’re thinking about security and what the business wants. We have to think about the security of the customer and our employees before the business.”
Ross Asks the Dumb Questions
Shannon Johnson, IT Engineer recently turned Security Engineer, is new to the security team and discusses the value of being trusted by other departments to ask questions throughout this episode. Building a strong security program is important, but it’s just as important to build a culture of security that expands to the whole company.
Ross in particular admits to asking dumb questions, because it’s important and it sets an example: “I think that’s really important that we, as a company, have set that kind of culture and this is something our CEO, Adam, has really focused on. People shouldn’t be afraid to ask a question, even if they think it’s a dumb question, and I routinely ask dumb questions as well—because I’m not afraid to look dumb. And if the leadership and the rest of our leadership is willing to do that, then any employee should be able to do that.”
If your other departments can’t ask questions or feel like they can’t bring up something that could be off-putting, it can leave your company vulnerable. Other teams should see the security team as allies.
What’s to Come
While we love the Drata security team, we have other riveting guests in the lineup. In Hack Your Company’s next episode, HashiCorp’s CISO, Talha Tariq, joins Ross to focus on what happens when you get your company hacked on purpose during red teaming exercises.
Everyone values their privacy, from the government to everyday consumers—Guild Education’s Vice President and Head of Security Julie Chickillo joins Ross in discussing how data privacy affects us all.