Laura Bell has over a decade of experience in software development and information security; she specializes in bringing security survival skills, practices, and culture into fast paced organizations of every shape and size. She founded SafeStack in 2014 to support security in fast growing organizations around the world. She is an experienced conference speaker, trainer, and regular panel member, and has spoken at a range of events such as BlackHat USA, Velocity and OSCON on the subjects of privacy, covert communications, agile security, and security mind-set. Laura co-authored Agile Application Security for O’Reilly media. Erica Anderson has played multiple roles in security. As an engineer, she has worked for small and growth startup companies managing their product and platform security. As an analyst, she has operated and managed internal security and incident response teams. As a consultant, she has tested systems and supported clients of all shapes and sizes around the world. She is an experienced conference speaker and trainer, and organizes conferences for BSides, Kiwicon, and Kawaiicon. Erica is driven by empathy for people struggling with security—whether they’re at the beginning or well along in their security journey.
Learn more about Security For Everyone to pre-order the book or sign up for the waitlist.
What’s Wrong with the State of Cybersecurity?
We have been doing the cybersecurity dance for a while—Laura herself just hit her 20 year career anniversary! We’ve seen a lot, and while much has changed over the years in terms of technology, many aspects of cybersecurity have stayed depressingly the same.
We see stories in the news about large companies paying exorbitant amounts of money to regulators and their customers for losing data, or companies becoming irrelevant after undergoing an attack that also took down their competitive edge. This doesn’t even cover the hundreds of organizations that are too small for air time, that have to shut their doors after a security incident.
What we have found is that the root of these problems and pain is often a lack of the same good security practices. We want to change that for all companies, not just those big enough or established enough to afford security teams and expensive tools.
Build Strong Foundations Early
Most good security practice boils down to a simple set of foundations—unique passwords populated in a password manager, two-factor authentication prompts for each login, mindfulness and limiting of sprawling data duplicated across websites and devices, automatic or prioritization of regular updates and patching, turning off of unnecessary features, and setup of safety net monitoring emails and notifications for when things fall through the cracks. Most organizations we have worked with suffer from these same missing foundations, building their company operations and infrastructure on a bed of sand. As these companies grow, establishing security practices can become exorbitantly costly—or come too late.
It isn’t the small business owner or organization’s fault, however. With the way technology is moving and changing, it can be hard to keep up. And when faced with making decisions to keep your company—and yourself—alive and growing, keeping your digital assets and data secure doesn’t always feel like a priority.
Additionally, there is plenty of advice for large enterprises or governments that have to comply with specific regulations and control frameworks, but there’s very little for those organizations that are too small to have security budgets or tools. We couldn’t point the small businesses we work with to any resources that would scale to their level and needs. The little advice that was available was hard to find for people who are time poor and are not exactly sure where to start. Or worse—they would go down the rabbit hole of expensive security widgets that would burn money faster than actually keep their most important assets protected.
Why We Wrote This Book
Our mission at SafeStack has always been to help as many small businesses and people as possible. Rather than building a giant consultancy and working only with wealthy businesses, we wanted to share our mix of experience, understanding, technical know-how, empathy, and pragmatism with as many people as possible. We want our expertise to be accessible and our advice easy to follow.. We wanted it to be clear where to start, what to focus on, and what to do. We determined that the best vehicle for this mission would be a digital book that is searchable, shareable, and accessible. We chose to publish with Holloway so we can bring you just that.
Who It’s For
Whether you are just trying to protect yourself or your small business, we are excited to share the years of experience and advice that we have provided to people just like you. We hope you find helpful nuggets of wisdom in the advice for your own individual, personal security that you feel inspired to share with others in your network, social circles, or family.
For those running small businesses or growing companies, we wrote this book so it can grow with you—you might only be a one-person band now, but soon you might grow into a small team with more customers, assets, and risks you need to think about. We structured this book so you can revisit it again when your context changes, so you know where to best re-direct your small amount of resources to make the biggest impact.
Eventually your organization may outgrow this book. There might be a point where you grow big enough to need your own internal security team. You may find the amount of data, assets, and systems you have is well past what you and your team alone can manage. Consider this book to be the roadmap to help you manage your security from now until then—so that you can reach that stage safely, and with best security foundations already in place
For those of you further along your security journey, this book can also be a tool to help share your practice with others—a way to guide those around you in a simple and pragmatic way. As security professionals, we know you have the drive to work on the new and exciting areas of security. You want to push the boundaries of what you know, and add value. However, small businesses are everywhere, and most have those soft, sandy foundations. It can be tiring to repeat the same advice without it feeling like you are failing the industry or that small businesses are doomed to always fail. If we are being honest, it is not very natural for a group of professional cynics to provide empathy to these small businesses. We made this book so you can support these groups of people and support your local communities and businesses, without spending too much of your time and energy.
We are excited to be on this book adventure, and would love for you to join us. Together we can build safer businesses, protect people, and secure communities. If you are keen to join us and would be interested in early access, deals, and updates, you can pre-order the book or get on the waitlist here.