I’ve had a number of requests to write a post about how to start and grow a new security program - or how to substantially reassess and rebuild an existing one. This is a difficult one to write because, as you all know, there is no one-size-fits-all approach. Starting from scratch in a 10-person startup is very different from (re-)building a security program in a more established organization. What I’ve tried to do here, instead, is to develop a framework and step-by-step guide to ap...