EP237 Making Security Personal at the Speed and Scale of TikTok

Guest:

• Kim Albarella, Global Head of Security, TikTok

Questions:

• Security is part of your DNA. In your day to day at TikTok, what are some tips you’d share with users about staying safe online?
• Many regulations were written with older technologies in mind. How do you bridge the gap between these legacy requirements and the realities of a modern, microservices-based tech stack like TikTok's, ensuring both compliance and agility?
• You have a background in compliance and risk management. How do you approach demonstrating the effectiveness of security controls, not just their existence, especially given the rapid pace of change in both technology and regulations? 
• TikTok operates on a global scale, facing a complex web of varying regulations and user expectations. How do you balance the need for localized compliance with the desire for a consistent global security posture? How do you avoid creating a fragmented and overly complex system, and what role does automation play in this balancing act?
• What strategies and metrics do you use to ensure auditability and provide confidence to stakeholders?
• We understand you've used TikTok videos for security training. Can you elaborate on how you've fostered a strong security culture internally, especially in such a dynamic environment? 
• What is in your TikTok feed?

Resources:

• Kim on TikTok @securishe and TikTopTips
• EP214 Reconciling the Impossible: Engineering Cloud Systems for Diverging Regulations
• EP161 Cloud Compliance: A Lawyer - Turned Technologist! - Perspective on Navigating the Cloud
• EP14 Making Compliance Cloud-native