Ryan is an avid technologist, with over 17 years of experience working at early-stage startups. Trained as a software engineer, he has been a co-founder of several companies, and still finds opportunities to write code when possible. 10 years ago, Ryan co-founded an enterprise SaaS startup which had many Fortune 500 customers with strict vendor due-diligence security reviews. More recently, Ryan built a neobank (N26 US) and a payments company (Orum.io) where compliance was a key concern in the foundation of the company and the technology stack. He was directly responsible for developing Information Security Programs that were audited according to SOC2 Type II standards, and routinely passed audits with zero exceptions. Ryan’s enthusiasm for InfoSec motivates him to reframe the criteria of SOC2 as an accelerator of velocity rather than a burden of time and effort.
Preparing for your first SOC2: practical practices and expectations
In this talk, Ryan will share his experience building a SOC2 information security program in a technology startup. In addition to demystifying what a SOC2 actually entails, this will include practical advice on how to implement the controls, practices, and policies necessary to pass the audit. It will highlight measures worth adopting on day one, even before an audit is planned, and give detailed insight into how a program is developed, maintained, and audited.
As a seasoned engineering leader, Ryan will describe how a SOC2 can even establish and promote strong engineering practices and culture across an organization.