44CON 2019 has ended
Thursday, September 12 • 14:30 - 15:29
Kashish Mittal - One Person Army - Playbook on how to be the first Security Engineer at a company

How often have you heard that ‘Early stage startups don’t care much about Security because if there is no product, there is nothing to secure’? Although there is merit in the argument that startups need to build product so as to sustain and grow, it often puts the person in charge of securing them in a tricky position. For most startups, this person is the first Security Engineer, who can be somewhere between the 10th and 300th employee. By the time the first Security Engineer is on-boarded, the attack surface has usually become quite large and he or she faces an uphill battle to go about securing the organization. In such cases, the Security Engineer needs to perform as a ‘one-man army’ keeping the attackers at bay. In this talk, I will present a playbook on how to perform as one.

In this presentation, I will talk about the Startup Security methodology which has served me very well in starting, building and growing Security teams at various startups. The focus and goals include:

DevSecOps – You are in charge of everything
Automation is your friend – Alerts are significantly better than watching or monitoring a tool
Secure, Document, Repeat!
Developer empathy – It is new for them
Build vs Buy – Maximizing ROI in terms of money and time
Security Education and Awareness
iPad signing technique – Risk consumption and buy-in
Alignment with upper management before you accept the job – Budget, Headcount, Goals, Timeline etc.

I will also recount war stories from experiences including mine from when I was the first AppSec Engineer at Duo Security (acquired by Cisco), was founding engineer at Elevate Security and started the Security team at MileIQ (acquired by Microsoft) and those of my colleagues who have been in similar shoes.


Kashish Mittal

Kashish Mittal is a Security Researcher and Engineer. He currently is the Head of Security at MileIQ, a Microsoft startup. He has worked for companies such as Elevate Security, Duo Security, Bank of America, Deutsche Bank etc. By choice, he is an ethical hacker and an addicted CTF...

Thursday September 12, 2019 14:30 - 15:29 BST
* Track 1 *