Bootstrapping Security
Source: Reuters
“BofA’s Bessant says to spend $600 million on information security”
- CNBC, October 4th, 2017
She also added that BofA would spend the same amount in 2018, and that it has 1,200 employees “dedicated to that effort”.
Introduction
Jared Casner
@jaredcaz
VP of Engineering
Rob Shaw
@borwahs
Principal Engineer
CNote is a fintech company founded in 2016 that offers scalable, socially responsible investments to institutions and individuals.
Security tools and ideas for a BIG IMPACT with a small budget
Job Descriptions
Engineering: “...design, develop, and secure software…”
QA: “...testing quality and security of software and systems…”
Customer Service: “...responsible for customer satisfaction and security…”
Marketing: “...and maintaining security of prospective customer records…”
Finance: “...and securing access to finances…”
Source: Varonis blog
Education
Automatic Detection
Logging / Reporting
Other Tools
Cost Savings Techniques
Sample Costs for Perspective
● Job Descriptions - $0
● Threat Modeling - $0
● Free Tools - $0
● Education - $50 each for BSides
● Logging/Reporting - $10 - $120 / month
● IDS/IPS - $0.01 to $0.06 / hour / machine
● Antivirus - $50 / employee
● AWS Security Hub - depends on usage, but starts very low
● Servers (SonarQube + VPN) - < $20 / month
Assuming 10 employees and 10 servers, you can do all of this for < $5k / year
Get in touch
Jared Casner
@jaredcaz
VP of Engineering
Rob Shaw
@borwahs
Principal Engineer
CNote Github
2020 BSidesSF - Bootstrapping Security