Small and medium businesses face a significant challenge when it comes to understanding their cyber risk and implementing a security management program that can adequately address that risk. In many cases, it can seem too daunting and/or too confusing and/or too expensive, so many businesses don't even bother taking the first steps necessary to begin their information security journey.
However, according to Monica Bush, Senior Technical Program Manager for Security and Compliance at Nintex, it is possible to perform a right-size security program for the company. It just takes some time and some creativity to determine the core focus and what gets tackled first.
In today's episode, I dig deeper into the idea that risk and security management for SMBs is possible. I got some tremendous insights from Monica who shares with me how she joined Nintex to help bootstrap their risk, security and compliance program, taking it from its infancy stage to one of growth and continued improvement.
She talks about focusing on the basics, driving the program by fundamentals, working towards small wins, and establishing a culture of security, a culture embodied both internally (executive staff and employees) and externally (customers and community), a culture that embraces the recognition that being perfect is not possible, a culture that promotes communication and transparency along the journey to get better all the time.
Listen closely and you'll get a lot of actionable tips in this episode.
About Monica Bush
Monica Bush has spent the latter half of her nearly 20-year career in information security program management and the former half in enterprise systems development. She has a passion for security and helping organizations grow their security programs to increase customer trust and reduce company risk.
Monica is currently the Sr. Program Manager, Security and Compliance at Nintex, the recognized leader in workflow and content automation.
Prior to Nintex, Monica was the Technical Program Manager of Subsidiary Security at Amazon.