Leading a cybersecurity program across multiple subsidiaries, geographies, or regulatory jurisdictions is incredibly complex. In the second installment of our 'What's On Your Security Roadmap for 2022' series, the Chief Information Security Officer (CISO) of a global provider of data, technology, and market infrastructure shares why automation, hiring, and cloud tooling are his top priorities to help his team stay ahead of cyber threats.

S3 buckets without encryption can leave sensitive data exposed and at risk. As a best practice and to meet a number of industry and governmental regulations, it’s important to ensure that S3 server side bucket encryption has been properly applied at all times. To do this, many security teams rely on their Cloud Posture Security Management (CSPM) platform and/or AWS GuardDuty to monitor their AWS resources and provide alerts when an S3 bucket is found unencrypted.

The current FedRAMP Authorization process is a struggle. First, you must manage multiple regulatory standards and frameworks, which change over time. Second, regulatory standards and frameworks overlap in scope and can often conflict and be difficult to manage together. And, lastly, information systems continue to increase in size and complexity.

As Head of People at Tines, Maria Dillon champions our inclusive company culture. Maria supports every team as we rapidly scale, ensuring every voice is heard and implementing thoughtful initiatives that help set Tines apart as a world-class employer and a fantastic place to work.

The state of cybersecurity today is, in a word, catastrophic. Breaches have become endemic. Not only do they continue at dizzying rates, but they are actually increasing in frequency by the month. Why are things so bad? And why do businesses seem so helpless to make them better? Those are complicated questions without simple answers, of course – but I believe that a major part of the answer has to do with the fact that, at most organizations, security remains the domain of elite security teams.

Step one of any automation Story is to get information into Tines. This can be done in several ways, including via a Webhook or polling for alerts. But in many cases, the starting point will be through email.

Today, anyone can contribute to some of the world’s most important software platforms and frameworks, such as Kubernetes, the Linux kernel or Python. They can do this because these platforms are open source, meaning they are collaboratively developed by global communities. What if we applied the same principles of democratization and free access to cybersecurity?