When should a startup call the FBI

09/28/21 • 30 min

Access Control
Before the inevitable breach happens.

Key topics on Access Control Podcast: Episode 11 - When a Startup Should Call the FBI

  • The FBI is the national law enforcement agency, and post-9/11, also the domestic security agency.
  • National security cyber matters comprise matters related to foreign states, foreign terrorist organizations, as well as domestic terrorism.
  • The COVID-19 pandemic has really accelerated cybercrime.
  • With the growth of ransomware as a service and the money mule network, even low-skill actors today are getting into the ransomware game.
  • You should have an incident response plan that you can put into action if you fall victim to a ransomware attack.
  • Business Email Compromise (BEC) occurs when someone sends you an email or text urging you to take some action and asking you to wire money.
  • With regard to intellectual property, you have to do your due diligence as an organization to protect your information.
  • To report an issue, ic3.gov is cyber-focused, while tips.fbi.gov is for all tips that the FBI gets.
  • As long as you're aware of what your exposure is, can weigh the risks, and have taken sufficient mitigation strategies for these risks, that's all you can do at the end of the day.

Previous Episode

Securing Internal Applications

How Figma protects internal web and CLI tools by leveraging off-the-shelf AWS services.

Key topics on Access Control Podcast: Episode 10 - Protecting Internal Apps at Figma

  • In hyper-growth companies, hyper-growth itself is one of the key assets that need to be protected.
  • It's important not to draw too many lines between security roles in different subfields (securing engineering, data security, production security) since there are increasingly crossover points between infrastructure, security, and application security in the cloud age.
  • There are differences in how B2B and B2C companies think about scale and about compliance.
  • The desire to have nicely designed, effective internal web applications (such as a web UI to support various operations) is definitely growing. Figma decided to invest time in this area and built a really well-structured, effective approach early on.
  • Some functionality works best as a command line tool, and in certain cases, it’s the right approach.
  • Figma uses AWS for most of its cloud infrastructure, and uses Okta for employee authentication and authorization.
  • Application load balancers (ALBs) are powerful reverse proxies that Amazon provides as a service, basically giving you an API to configure them.

Next Episode

Infosec for startups

SOC2, Crypto and Building a security practice

Key topics on Access Control Podcast: Episode 12 - Cryptography for Startups

  • One of the harder jobs in security is to be the first security person at a startup since startups typically have various types of security problems, and you can't expect one person to cover all of those fields.
  • Considerations when evaluating security consultants are the breadth of services being offered and the billing model being used.
  • One way to describe the SOC 2 standard in the fewest words is: do you do what you say, and do you say what you do?
  • Seven best practices to pass SOC 2 are defined in LVH's The SOC 2 Starting Seven blog post.
  • The Crypto 101 e-book is an introduction to cryptography basics for application developers.
  • When determining the programming language to solve a given problem, it's important to use the right tool for the job.
