undefined | Better HN

0 pointsneeleshs1y ago0 comments

As a startup CTO, I agree you need networking And cybersecurity. I am not sure if you need fulltime people specializing in this though.

I used to work for large companies with big on-prem footprint. Networking and security in that world is a different game and warrants dedicated people.

But for a startup with two services running in the cloud, with so many out of the box tools? (IDS, WAF, log based monitoring, SDN and all the configurability that comes with it). That can go a long way, without dedicated people.

0 comments

tguvot1y ago

>As a startup CTO, I agree you need networking And cybersecurity. I am not sure if you need fulltime people specializing in this though.

highly depends on function of the service and it's scale

>I used to work for large companies with big on-prem footprint. Networking and security in that world is a different game and warrants dedicated people.

>But for a startup with two services running in the cloud, with so many out of the box tools? (IDS, WAF, log based monitoring, SDN and all the configurability that comes with it). That can go a long way, without dedicated people.

maybe for network. but in my experience most of engineering (starting with junior developers and ending with vp/cto level) doesn't understand cybersecurity specifically or security in general . so even if there is tooling available, people don't understand when, how or most important why to use them.

neeleshsOP1y ago

That's fair. It's a red flag in general if VP/CTO doesn't have the basics of security in place anyway. My experience in my peer group is that they are all fairly knowledgeable about security, if not experts.

Most startups don't have the scale, there are exceptions of course.

tguvot1y ago

i worked in variety of companies that varied from development of security products and were very security oriented to companies where security were driven by client needs (telecom industry for example), to "other places" where management grew with the company and it's case of "you can't teach old dog new tricks". there are always security departments, but unfortunately most of the time their thinking is "slap crowdstrike everywhere, it will solve all problems" and "here is sdlc that engineering must to follow" (lol)

neeleshsOP1y ago

Indeed, I've seen that latter behavior in large companies back in the days. A security department that refuses approvals to upgrade operating systems because it's too risky, a full-blown ops team that doesn't know how to do it without killing all services for days on, doesn't have recommendations on security patches, doesn't know if a CVE is actually exploitable in that setup or not - the list goes on.

1 more reply

j / k navigate · click thread line to collapse

0 comments

tguvot1y ago

>As a startup CTO, I agree you need networking And cybersecurity. I am not sure if you need fulltime people specializing in this though.

highly depends on function of the service and it's scale

>I used to work for large companies with big on-prem footprint. Networking and security in that world is a different game and warrants dedicated people.

neeleshsOP1y ago

Most startups don't have the scale, there are exceptions of course.

tguvot1y ago

neeleshsOP1y ago

1 more reply

j / k navigate · click thread line to collapse