Hack Your Company, a Drata Podcast

by Kay Lutz

October 04, 2022
Drata’s first cybersecurity podcast, Hack Your Company, gets into the nitty gritty of what security looks like from the very people responsible for building it.

The cybersecurity industry is well acquainted with reducing attack surfaces, the increasingly blurred lines of our perimeters, and other miscellaneous buzzwords and phrases. Drata’s first podcast, Hack Your Company, gets into the nitty gritty of what security looks like from the very people building it—chief information security officers, information technology leaders, security practitioners, compliance experts, and many more.

Each episode poses the question: How would you hack your company? Hosted by Drata’s CISO, Ross Hosman, each episode is centered around guests sharing insight (and trust hacks) as they take a step back and view their company from the outside in and their brand and reputation from the perspective of a prospective customer or client. In coming episodes, listeners will hear everything from an unusual red teaming exercise that ended with a phone call to the police to how security practices change when working in the public and private sectors.

Hack Your Company is being released on YouTube, Spotify, Apple Podcasts, and Amazon Music.

Episode Zero: The OG Episode

To kick things off, Ross and the security team set the stage for what’s to come by chatting about the series, the latest buzzwords, and how Drata takes a security-first approach that enables growth rather than slowing it down. This week, Ross is joined by:

  • Carmil Thelemarque, Security Engineer

  • Shannon Johnson, IT Engineer

  • Joshua Stuts, Manager of Information Security

Before inviting other guests, the OG episode, as Ross lovingly refers to it, gives you, the listener, an insider’s perspective of what it takes to secure a company in an industry ripe for targeted attacks and why building trust is critical to the success of the company.

Incorporating core values into your security team guides the way to building trust, even if it’s as simple as prioritizing doing the right thing.

“I think the other thing that we really try to instill into our security team and into our company is we will do the right thing, always. We will take and make smart risk-based decisions—right, we won’t take dumb risks. We will take smart risks and we will have those conversations,” said Hosman.

Ross comes to Drata with over a decade of cybersecurity experience, and over time he has learned the crucial element of what makes a solid security practice. Not everyone knows what it really boils down to and how to determine what to prioritize.

“You know, it always comes down to: we will protect our customers first, our employees second, and our business third, because without customers, we don’t have a business. Without employees to help those customers or build the product, we don’t have a business,” he explains in Episode Zero. “And so the business actually comes last when we’re thinking about security and what the business wants. We have to think about the security of the customer and our employees before the business.”

Ross Asks the Dumb Questions

Shannon Johnson, IT Engineer recently turned Security Engineer, is new to the security team and discusses the value of being trusted by other departments to ask questions throughout this episode. Building a strong security program is important, but it’s just as important to build a culture of security that expands to the whole company.

Ross especially admits to asking dumb questions because it’s important and sets an example: “I think that’s really important that we, as a company, have set that kind of culture and this is something our CEO, Adam, has really focused on. People shouldn’t be afraid to ask a question, even if they think it’s a dumb question, and I routinely ask dumb questions as well—because I’m not afraid to look dumb. And if the leadership and the rest of our leadership is willing to do that, then any employee should be able to do that.”

If your other departments can’t ask questions or feel like they can’t bring up something that could be off-putting, it can leave your company vulnerable. Other teams should see the security team as allies.

What’s to Come

While we love the Drata security team, we have other riveting guests in the lineup. Hack Your Company’s next episode focuses on what happens when you get your company hacked on purpose during red teaming exercises with HashiCorp’s CISO, Talha Tariq.

Everyone values their privacy, from the government to everyday consumers—Guild Education’s Vice President and Head of Security Julie Chickillo joins Ross in discussing how data privacy affects us all.

You can discuss this episode on Drata’s community, Secured, or subscribe to our newsletter, Trusted, to get the latest news.

Kay Lutz
Drata Content Specialist