Thoughtful Software Podcast

Navigating Compliance the Easy Way with Darren Gallop, CEO of Securicy


In this episode, we are speaking with Darren Gallop, CEO and co-founder of Securicy, a venture-backed company that helps startups simplify information security and privacy compliance. Listen to Andrew, Fahad, and Darren cover the most common mistakes SaaS founders make when it comes to security. They also explore the best practices to follow and share actionable insights into what you can do to prepare for the coming year.

Show Notes:

  • It is important to address compliance sooner rather than later. The challenge lies in the various standards, developing a process, and managing controls, and this is where companies like Securicy save the day.
  • How do you advise customers to be compliant? Companies are not going to be fined because they are not 100% compliant with every single interpretation of the law. Where you see most of the issues is where companies are far from being compliant or are not respecting the law.
  • Has compliance evolved from "check all the boxes" to "are we trying our best to follow best practices"? If you are obviously putting in a really strong effort for the budget and size of your company, and you are for the most part compliant, then you have a lot less risk. There are a lot of differences from one organization to another, not only in size but also in the nature of the work they do.
  • Companies are taking compliance more seriously as an actual risk-reduction process, versus general-counsel-led administrative compliance exercises. So they will ask compliance questions, but they are obviously still concerned about maintaining their compliance.
  • Being reactive, or investing in compliance before it is required, is not necessary. Just implement good policy, good procedure, and good configuration around the tools you are already using in your business.
  • What are the common mistakes made by established companies and startups? Waiting until you need compliance is a really big mistake. When clients ask about security and you cannot answer them in a reasonable time frame, it becomes clear to auditors that you do not have it. Auditors know when you are giving naive or intentionally vague answers.
  • It is not just the tools that will protect you, but implementing best practices as well.

References:
ISO 27001
CCPA
HIPAA
OWASP

Thanks for listening! What did you think about this episode? Drop us a comment and let us know how we're doing.

Check out the Insights page for a library full of thoughtful articles.

We’d love to know what you took away from our conversation. Follow us at @fahsho12 and @andrewwwolfe and share your insights and questions with the hashtag #thoughtful software. If you’d like to be considered as a guest, or have someone you’d like to hear from (a tech leader), drop us a direct message on Twitter or LinkedIn.

About our Guest:
Darren Gallop is a business leader and security professional with over twenty years of experience as a CEO and CISO of companies that handle sensitive data. Having founded a non-profit organization, three service companies, and two tech startups in his career, he understands how to assess and manage risk in alignment with organizational goals. Currently, the CEO and co-founder of Securicy, Darren’s unique pe


Thoughtful Software Podcast, by Fahad Shoukat and Andrew Wolfe