There is no ‘I’ in team, but if you look closely, there is a me: being the first dedicated security hire and growing a team

OVERVIEW

Being the first dedicated security hire at any organization is an incredible learning experience. One moment you could be hands-on deploying EDR and MDM tools, the next, you’re on a sales call with a prospect, or talking to the board. But amongst the opportunity, there is of course plenty of stress, anxiety, and burnout. When you’re doing the things that might otherwise be done by a team of folks, how do you know where to get started? How do you prioritize? In this talk we’ll answer those questions.

I’ve gone from being the first dedicated security hire, to building teams on three separate occasions now, and each time, I’ve done some things in the same way, and some things differently. The talk is a lesson’s learned going from absolutely nothing on day one to a reasonably large security team with dedicated sub teams.

We’ll discuss how the decisions you make early on, as the wearer of many hats, can have long lasting impacts when you start to distribute those hats. This includes technology and process decisions, along with hiring and delegation.

A final key message in the talk will be that even though there may only be one dedicated security person at a company, that person should never be expected to carry the weight of the whole company’s security and privacy decisions, so we’ll talk about how to set that boundary as well.

After all, there is no ‘I’ in team, but if you look closely, there is a me.