Do whatever it takes to avoid a breach | Khelan Bhatt - Cybersecurity Expert and Strategist | Episode 26
Khelan Bhatt has nearly two decades of information security expertise, including his time as Deputy CISO overseeing cybersecurity for prominent Gap Inc. brands including Gap, Athleta, Old Navy, and Banana Republic. He currently orchestrates cybersecurity strategy at FabFitFun as CISO and VP of IT.
In this episode, Khelan and Matt discuss:
Chapters:
(0:00:00) The importance of bringing in security and privacy early in the data process
(0:01:03) Critical steps to build a culture of security for growth
(0:03:46) The role of a CISO and their responsibilities
(0:06:51) The function of security in the earliest days of a company
(0:08:37) When to designate a CISO and the structure of a security department
(0:10:22) Common targets for cyber attacks and what attackers are trying to obtain
(0:10:41) Credit card numbers and valuable data on the dark web
(0:14:10) The value of hacking larger companies vs. smaller companies
(0:15:56) Considerations for data handling and sharing with external partners
(0:18:20) Post-IDFA world and data handling for marketing teams
(0:20:34) Evaluating third-party partners' security and privacy maturity
(0:21:06) What marketers should understand about data handling
(0:21:31) Bring security and privacy experts in early during contract negotiations
(0:22:32) Data duplication increases risk and dilutes controls
(0:22:54) Define granular roles and responsibilities for data access
(0:23:23) Consider hiding sensitive fields based on user roles
(0:24:11) Regularly assess and update security frameworks as the company grows
(0:24:48) Data lakes can improve data governance and analytics
(0:25:43) Regular security assessments are crucial for maturing organizations
(0:26:13) Boards want to be aware of risks and progress in security measures
(0:26:56) Security should be seen as a feature to increase trust and attract customers
(0:28:32) Incorporate security features like SSO and role-based access control
(0:30:24) Security, legal, and brand efforts contribute to long-term growth
(0:31:37) Investments in security may protect against potential disasters
(0:32:32) Advice for early-stage CEOs who raised funding
(0:33:04) Importance of investing in security for startups
(0:33:29) Options for outsourcing security services
(0:33:49) Creating a virtual security team within the organization
(0:34:19) Evaluating security maturity level and making investments
(0:34:48) Conclusion and appreciation for the discussion