Humans of Secureframe: CISO Drew Daniels on the Rewards of Resilience
Every founder and entrepreneur paves their own path. Growing a business from the spark of an idea to a fully realized company takes a tremendous amount of grit and tenacity.
I know firsthand the resolve it takes to pave your own path. Originally from Chicago, I have lived in California for half my life. I grew up in a very difficult environment with little support from anyone, even before I was declared an adult through emancipation, including working full time during my last year of high school and footing the bill for college entirely on my own.
These experiences have made me resilient and situationally aware. I have experienced some of the worst and some of the best. I am the first person in my family to go to college, and I believe I’m the only published author in my family.
Resilience is a skill honed through intention and perseverance. As someone who’s been forced to develop resilience throughout my life, I’ve seen the difference it makes in building something with staying power.
For fast-growing businesses, strong security and compliance practices are an absolutely essential component of a resilient, lasting business. The ability to weather fluctuating markets, variable customer demands, and dynamic technological shifts is often what separates startups that fizzle from those that become global brands.
Unfortunately, security and compliance are often relegated to a checkbox. This is primarily because companies oftentimes pursue compliance because customers ask for a SOC 2 or similar certification. While great frameworks, these don’t really focus on holistic security maturity or on making security a core business driver that improves over time. They’re also fairly generic and long-lived, meaning they don’t adapt to changing times (which can be both good and bad).
Every good security practitioner knows that nobody is unbreakable or invulnerable. You have to prepare for the outcome where a security incident or breach happens. This is why improving the maturity of your security program — the maturity and effectiveness of your compliance controls and how they map to your business — is crucial.
What drew me to Secureframe is the promise that we can change the checkbox nature of compliance. By removing a lot of the tedious, repetitive tasks through automation, we can help companies mature, reduce risk and liability, and have a profound impact on businesses and frankly the world. We can help protect companies and individuals from the data breaches and security incidents that plague companies today, leading to a safer world where we can all be confident in the businesses we trust with our data.
Beyond repetitive or tedious tasks, automating tasks where there is no real need to have a human perform them will help reduce the incredible demand for qualified security and compliance candidates. Security and compliance is far too critical a business function to just hire anyone; we need individuals who have integrity, honesty, and devotion to the cause, who thrive under stress, can multitask, and can quickly assess risks and challenges and come up with creative solutions. And we need those people to be able to shift their time and attention away from unnecessary tasks to more meaningful risks and challenges.
My ultimate goal is to make security and compliance a crucial part of every business, without exception. To put real measurements in place to demonstrate the value and effectiveness of security programs. To help security further meaningful, business-impacting solutions, be more adaptable, and be able to make real change that is relevant and timely, by enabling security to make an appreciable difference in reducing security incidents and breaches, which then can reduce overall business costs like liability insurance premiums.
To achieve this:
- I believe that we must communicate critical feedback in a timely manner so we can focus on continual improvement. This means both praising and also helping those around us know how to be better.
- I believe that we succeed by collaborating and learning from others.
- I believe that we must always be introspective. We may know the answer, but that doesn’t mean we can’t find a more effective or efficient way of solving it. Being introspective doesn’t mean we change the past to fit the narrative; it means we learn from it and remember those lessons.
- I believe we need to be open to feedback, and we need to have care when we deliver feedback to make sure it is timely, honest, constructive, fair, impartial, and most importantly delivered with due care and from the heart.
- I believe we should try to be humble. We all have egos, and we all can be bruised, but humility will take us farther. It will allow us to learn from each other, and there is strength in numbers.
- I believe we should be hungry. We need to feed our minds, bodies, and spirits in the right ways. While we can be satisfied, we should always strive for better.
- I believe we must have integrity and honesty but know that what we do requires confidentiality and dedication.
My mission at Secureframe is to help companies become more resilient by thinking beyond compliance frameworks. Compliance and security by broad definition should be core to the business, and while frameworks add structure, they are just a small part of the equation. We shouldn’t be limited by those frameworks, nor strive to just check the box.
We need to strive for all personnel and departments to be part of the security team — collaborating and taking ownership for protecting networks, systems, and data. Better alignment with security will reduce risks to businesses and help collectively find an end to the constant noise of security incidents and breaches. Security can and should be a business enabler, a core function that helps organizations find safe solutions that scale, adapt, and insulate them from inherent risks.
If at any time you think I can help you, please feel free to reach out. If you’re interested in furthering our mission at Secureframe, learn more about our fully remote team and open positions. We are always looking for passionate, talented individuals who share our vision for the future of security and compliance.