Posted on Aug 7, 2018
I was initially interested because I had worked with several SecurityScorecard (SSC) employees at other companies. Because of this, I had a good understanding of what the culture would be, and the positive, hardworking type of environment these people would create. Then, when I evaluated the company itself to look more into the technology and purpose behind the product, SSC drew me in even more. I believe that what people categorize as cybersecurity today is only a small grain of sand of what cybersecurity will mean in five or ten years. Most people see cybersecurity as limited to credit card and identity theft, but they don’t see the field as a question of whether or not their airplane is going to land or if the power plant down the street will remain stable. In the future, everything is going to be susceptible to cybersecurity as devices become increasingly integrated with the Internet. SecurityScorecard knows this, and has a product and mission that are going to become increasingly pertinent as we approach this very near future. I joined SSC because I was excited to be a part of something ahead of the curve.
I think you have to love your job. If you don’t love what you do, then you’re not going to be the best at it, because there will always be someone else in the same job position who will genuinely enjoy putting in the extra work to improve. I love what I do at SSC every day. It’s always interesting and exciting to interact with clients to see how the product is working for them and how they choose to apply it. I also think it’s important for a company to have a vision. You want to be able to understand how your work impacts the goals the company is striving towards. And the vision itself should be worthy--something grandiose that allows people to rally around a common theme. At SecurityScorecard, we want to be able to explain cybersecurity in layman’s terms through our concept of a “Scorecard”, and turn Scorecard into a verb so people can have informed conversations about cybersecurity without needing a PhD. I think that’s a noble vision, and one I’m proud to help achieve.
The culture is great. I like the fact that it’s very blunt; everyone is able to be honest about their opinions and still work well together. I also think the way that SecurityScorecard links everything we do to KPIs (Key Performance Indicators) is something a lot companies don’t do. It’s certainly a smart strategy because in a lot of companies, decisions are based on the loudest voice in the room, and hardly ever are those decisions really scrutinized afterwards with data. Therefore, they end up doing a lot of work with very little results. On the other hand, at SSC decisions are made based on how they would best impact the company, instead of being based on who has the strongest opinion or the most senior position.
You have to be quick on your feet. You should also be someone who likes to take full ownership and responsibility over projects that need to get done. You have to be resilient in order to handle the workload, and also love what you do because it’s tough. You should also be able to wear several hats, because this is an environment where you’re going to have to be responsible for tasks that haven’t been done before by anyone in the company. I also think you need to be solutions-focused: it’s easy to point out what’s wrong and harder to design the solution to fix it.
I genuinely enjoy what I do, so that makes it very easy to wake up early and get my day going. It’s nice to have a purpose that constantly motivates me. When I’m at work, I’m never checking the clock waiting until 5pm. I just care about how much progress I make on my purpose.
With hackers finding new ways to attack third-parties in hopes of infecting a larger organization, the third-party ecosystem is more fragile than ever before.
The purpose of IT security risk assessment is to determine security risks to your company’s critical assets, and how much funding and effort should be used in their protection. Get started with SecurityScorecard’s step-by-step guide to managing your cyber risk.
Templates and vendor evaluations are needed to level that playing field, in a time efficient and fair way, so that the best vendors are chosen. The right vendor risk assessment template can be crafted to assure compliance with regulatory requirements.
No waiting, 100% Free
Get your free scorecard and learn how you stack up across 10 risk categories. Answer a few simple questions and we'll instantly send your score to your business email.