Incode Technologies’ Jeff Moss: Scaling security for startups and defending against the ever-growing attack surface
Aug 29, 2023
Jeff Moss, Senior Director, Information Security at Incode Technologies, discusses his transition from engineering to product security, the evolution of product security over the last five years, reducing the attack surface within the industry, scaling security for startups, tips for prioritization of initiatives, and combining the technical and business aspects of management.
Prioritization and risk management are crucial in security leadership roles, especially when scaling security for startups.
Product security has evolved to include building security into the entire product development lifecycle and staying updated on emerging attack techniques.
Deep dives
Jeff Moss's Journey to Information Security
Jeff Moss, a Senior Director of Information Security at Incode Technologies, shares his unconventional path into information security. He started in project and program management before transitioning to cybersecurity. With experience in scaling security for startups, Jeff emphasizes the importance of prioritization and risk management in security leadership roles. He also highlights the need for security leaders to understand and communicate business risks to the C-suite and board. Jeff recommends that security professionals start building a security culture early and embrace new technologies responsibly, as attackers become more sophisticated. In terms of measuring the success of information security programs, Jeff suggests focusing on business enablement, risk management, and capabilities.
The Changing Landscape of Product Security
Product security has evolved significantly in the past decade. The traditional assurance-focused approach, where products were only evaluated for release, has shifted. Now, security needs to be built into the entire product development lifecycle. The increasing attack surface, migration to the cloud, and dependence on open-source components pose new challenges. Security leaders must stay updated on emerging attack techniques and prioritize reducing risks associated with wider attack surfaces and software dependencies. Technologies like generative AI and AI-driven security operations can help security teams stay ahead of attackers.
Scaling Security for Startups
Scaling security for startups requires a strong focus on prioritization, risk management, and building foundational capabilities. Jeff emphasizes the need to prioritize initiatives that enable the business and manage risks effectively. Understanding threat intelligence trends and the basics of securing the corporate environment are crucial. He also emphasizes the importance of communication, good relationships with peers, and project management skills when driving security initiatives. Starting early with security culture and continuously iterating on it is essential, as cultural change takes time and persistence.
The Role of CSOs and Security Culture
The role of CSOs (Chief Security Officers) has become more critical, given the rising importance of cybersecurity as a business risk. CSOs should report to the CEO and be an integral part of the leadership team. To build a strong security culture, it is essential to prioritize effective communication, align security with business goals, and foster a sense of ownership and responsibility across the organization. Security leaders in both security and non-security companies should focus on enabling the business, managing risks, and ensuring foundational security capabilities.
In this episode of The Future of Security Operations podcast, Thomas speaks to Jeff Moss, Senior Director, Information Security, at Incode Technologies. Incode is the leading provider of world-class identity solutions for the world’s largest financial institutions, governments, retailers, hospitality organizations, and gaming establishments.
Jeff has over 10 years of experience in tech and IT, moving from project and program management in areas such as construction and IT into cybersecurity, where he quickly worked his way up to becoming CISO and Senior Director of Information Security. He has countless licenses and certifications, including Certified Information Systems Auditor with ISACA, and he also has an MBA.
Topics include:
How Jeff decided to make the move from engineering to product security.
His less traditional path into cybersecurity leadership and how he worked his way up to CISO in such a short space of time.
The evolution of product security over the last five years.
The increased attack surface within the industry and how to reduce the risks.
What Jeff has learned from scaling security for numerous startups.
Tips for the prioritization of initiatives that Jeff has learned as part of his MBA and his years as a project and program manager.
Jeff’s approach to combining the technical and the business in his management.
The shift in organizational structure with CISOs needing to report to the board and CEO.
The proposed Securities and Exchange Commission (SEC) rulemaking in the US and what it means for the industry.
What Jeff expects to see in security operations over the next five years.