Ken Fearnley – Risky Business

In this episode, they talked about Risky Business and Life in IT. 3:09 – Ken ended up in the crazy world of technology because he was a full-time firefighter for about twelve years and he started selling t-shirts and realized he needed a website. He taught himself how to code, and build a website, and decided that technology and business were what he wanted to do. He has been involved in a bunch of startups and taken a company public and has been involved with software for 25 years. 8:15 – Brian asks Ken “what drives kind of creativity for you today and what are your working on right now?” Ken is working on a project with Cybrance, a company that provides a platform for cyber compliance in risk management. The platform includes enterprise GRC, third-party risk management, cyber incidental response management, and more modules. Cybrance sees a need in the marketplace for software and the know-how to put something out there that has a real possibility of gaining significant market share. 11:06 – Brian said that the most important details in this text are that the human factor, insecurities, is the biggest challenge in delivering policy, following up on compliance, and reviewing status. There are a lot of moving pieces in infrastructure that are being recorded and measured, so it is important to ensure that they are being reviewed appropriately and not missing things that can get chaotic. 12:41 – Ken and his team are looking to reduce the number of tools used in the security landscape by offering different capabilities. They are also aware of how the three sixty partners and supplier and vendor ecosystem is expanding, with a thirty percent year of growth. They need to consider not only their suppliers, but also their partners, networks, and security posture. This can lead to an infinite loop of enrolling everything up without tools and things that make it easy to collect. 16:42 – Ken believes that when starting a business, you should be opportunistic and fluid in terms of who you take on as a client. You know the target demographic, twenty to hundred million in revenue, ten to twenty people on the IT staff, with one or two people focusing on security. 20:11 – Brian explains that when they think about their contacts, they think about the people they work with and law enforcement. They have to engage bodies like CIS to help with forensics, and the more data they can collect and organize, the easier it is to communicate those things to insurance companies. The more they can document, the more they can quickly give to them and share with them.