Building a Cyber Security Culture
The night started with a presentation by Jesse Wojtkowiak, Head of Information Security at Pipedrive. Formerly Jesse worked for the US Navy for around 10 years. After graduating from Tallinn University of Technology with a Master's Degree in Cyber Security, he started in Pipedrive at the beginning of 2016. With a mission to nourish and structurize the security culture, he first realized that in a startup, building a security culture can be hard, due to the constant lack of resources. But the resources could already be there as people might be doing cyber and information security already, it's just the matter of focusing and structuring.
Jesse Wojtkowiak, Head of Information Security at Pipedrive
While building a security culture in a startup, management support is really important. ''If security is important to them, it is important to everyone,'' Jesse noted. Within the rest of the team, keeping a persistent message helps. To get them all on board, it is important to include everyone and not to alienate the people who are resisting at first. It is important to have perseverance, maintain a positive tone and recognize success. You need to find a way to create self-interest in people - everyone has their projects. Once you define peoples self-interest, you’ll be more successful in creating a unified culture.
Kristian Kivimägi, Cyber Security Specialist at Pipedrive introduced the necessity of an information security program in a startup. Why does Pipedrive do it? ''To teach our team how to protect information, lower risk to business and build trust with customers,'' Kristian responded. ''It is important to set information security policies and to inform people they are not for punishing, merely to get everyone on the same page'' he added.
Kristian Kivimägi, Cyber Security Specialist at Pipedrive
While implementing a cyber security program in a company its normal to see the number of security incidents rising. Nothing to be afraid of! You simply need to implement an incident lifecycle and follow it. Kristjan also shared a lot on cyber security with open sourced tools. For that insight check out the live recording of the event, starting from 1:25.
Let’s speak about cyber security is a new meetup series coordinated by Startup Estonia with a goal to gather people interested in solving different cyber security issues and finding new business opportunities. On each meetup, we will focus on distinct sector and a cyber security issue. We will meet the representatives of Estonian institutions that provide vital cyber security services but also leading Estonian startups. Additionally, engaging discussions about the sectorial best practices, existing solutions and issues to be resolved.
''The goal of the meetup is to create a unified network of people interested in cyber security issues and business opportunities,'' says Marily Hendrikson, Cyber Defence Project Lead in Startup Estonia and the organizer of the series. ''In cooperation with partners we have organized two events in Elektrilevi and Pipedrive and planning on next ones. Meetup community, created in December has 325 members and the events are filling up really fast. That shows us that there really is a necessity for that kind of event.'' Next one will take place in 10th of April in Telia and will focus on cyber security issues in telecom sector. Join the event through Meetup.
Blogpost written by: Sander Sillavee (Startup Estonia)
Photos by: Ann Vaida