To give you the best possible experience, this site uses cookies. Review our Privacy Policy and Terms of Service to learn more. Got it!
Search a title or topic

Over 20 million podcasts, powered by 

Player FM logo
Artwork

Tech Business Fix Security
Content provided by Fix Security. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Fix Security or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.
Player FM - Podcast App
Go offline with the Player FM app!
Get it on App Store Get it on Google Play

The Security Cloud Podcast « »
5-step framework for security and compliance programs - Mirko Kater, CISO at Gitpod

1:05:22
 
Play
Playing
Share
 

MP3Episode home

Archived series ("Inactive feed" status)

When? This feed was archived on August 15, 2025 15:14 (4M ago). Last successful fetch was on October 21, 2024 13:05 (1y ago)

Why? Inactive feed status. Our servers were unable to retrieve a valid podcast feed for a sustained period.

What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.

Manage episode 420076780 series 3576155
Content provided by Fix Security. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Fix Security or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.

Mirco Kater, Information Security Officer at Gitpod, has taken a few startups from 0 to 1 when it comes to compliance and information security. Mirco has developed a five-step framework:

  1. Connect
  2. Assess
  3. Define
  4. Implement
  5. Measure

For start-ups, security and compliance programs provide access to markets. Mirco highlights the need for collaboration and communication with various departments within the organization.

He also discusses the selection of frameworks and tools based on the company's risk level and regulatory requirements. The goal is to enable the business while ensuring security and compliance.

Implementing a security compliance program requires budget allocation for salaries, tooling, auditors, and cyber insurance. Mirko also explains the difference between security and compliance, highlighting that compliance is about meeting specific requirements, while security focuses on protecting data and assets.

Takeaways

  • Building security and compliance programs is essential for startups to gain access to markets and customers.
  • The five-step framework for building security and compliance programs includes: connect, assess, define, implement, and measure.
  • During the connect phase, it is important to connect with leadership, peers, and other departments to understand the business goals and challenges.
  • The assess phase involves taking inventory of processes, technologies, and people to identify existing controls and risks.
  • In the define phase, a security strategy is developed based on the risk level, regulatory environment, and business goals.
  • The implement phase focuses on putting the defined controls and processes into action, involving collaboration with stakeholders.
  • The measure phase involves monitoring and evaluating the effectiveness of the implemented controls and making adjustments as needed. Measure and evaluate the effectiveness of the security compliance program using objective metrics.
  • Reporting and metrics are essential for communicating progress to leadership and the entire company.
  • Use tools and dashboards to track and visualize metrics.
  • Continuous improvement is necessary as new risks and challenges arise.
  • Allocate budget for salaries, tooling, auditors, and cyber insurance when implementing a security compliance program.
  • Compliance is about meeting specific requirements, while security focuses on protecting data and assets.
  continue reading

9 episodes

#Tech #Business #Fix Security
Artwork

5-step framework for security and compliance programs - Mirko Kater, CISO at Gitpod

The Security Cloud Podcast

published

Play Playing
iconShare
 
MP3Episode home

Archived series ("Inactive feed" status)

When? This feed was archived on August 15, 2025 15:14 (4M ago). Last successful fetch was on October 21, 2024 13:05 (1y ago)

Why? Inactive feed status. Our servers were unable to retrieve a valid podcast feed for a sustained period.

What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.

Manage episode 420076780 series 3576155
Content provided by Fix Security. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Fix Security or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.

Mirco Kater, Information Security Officer at Gitpod, has taken a few startups from 0 to 1 when it comes to compliance and information security. Mirco has developed a five-step framework:

  1. Connect
  2. Assess
  3. Define
  4. Implement
  5. Measure

For start-ups, security and compliance programs provide access to markets. Mirco highlights the need for collaboration and communication with various departments within the organization.

He also discusses the selection of frameworks and tools based on the company's risk level and regulatory requirements. The goal is to enable the business while ensuring security and compliance.

Implementing a security compliance program requires budget allocation for salaries, tooling, auditors, and cyber insurance. Mirko also explains the difference between security and compliance, highlighting that compliance is about meeting specific requirements, while security focuses on protecting data and assets.

Takeaways

  • Building security and compliance programs is essential for startups to gain access to markets and customers.
  • The five-step framework for building security and compliance programs includes: connect, assess, define, implement, and measure.
  • During the connect phase, it is important to connect with leadership, peers, and other departments to understand the business goals and challenges.
  • The assess phase involves taking inventory of processes, technologies, and people to identify existing controls and risks.
  • In the define phase, a security strategy is developed based on the risk level, regulatory environment, and business goals.
  • The implement phase focuses on putting the defined controls and processes into action, involving collaboration with stakeholders.
  • The measure phase involves monitoring and evaluating the effectiveness of the implemented controls and making adjustments as needed. Measure and evaluate the effectiveness of the security compliance program using objective metrics.
  • Reporting and metrics are essential for communicating progress to leadership and the entire company.
  • Use tools and dashboards to track and visualize metrics.
  • Continuous improvement is necessary as new risks and challenges arise.
  • Allocate budget for salaries, tooling, auditors, and cyber insurance when implementing a security compliance program.
  • Compliance is about meeting specific requirements, while security focuses on protecting data and assets.
  continue reading

9 episodes

#Tech #Business #Fix Security

All episodes

×
 
Loading …

Welcome to Player FM!

Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.

 

Listen to 500+ topics
Player FM - Podcast App
Go offline with the Player FM app!
Get it on App Store Get it on Google Play
icon
Help/FAQ | Advertise with Us
Arts|Business|Comedy|Economics|Entertainment|News|Politics|Religion
Science|Soccer|Sports|Storytelling|Technology|True Crime
Copyright 2025 | Privacy Policy | Terms of Service | | Copyright
Episode being played series thumbnail
icon icon
Speed
Series settings
1x
1x
Volume
100%
icon
icon icon
/

View Player FM in...
Player FM
Browser
Chrome
Safari
Firefox
Listen to this show while you explore
Play