Greetings DataGrail community! As the new VP of Security, I wanted to share a bit about my philosophy and goals moving forward. If you’re reading this, chances are high you care about security and privacy – and want to know how DataGrail will approach continuous improvement of its security posture over time. Let’s talk shop!
Security has been my focus and passion, as well as my sole marketable skill, for the last 20+ years. Like many security folks, my work has been behind the scenes, most recently for companies like Shopify, Twitch, Box, Zynga and PayPal. I’ve spent time building teams around infrastructure and application security, and have had the great fortune to learn patterns (and see failures) from some of the best practitioners out there.
So how does this translate to DataGrail?
I view security as a protective mission. Security is about restoring a balance of power to the most powerless party in the data exchange equation. Let me explain: consider the collection, retention and sharing of personal data along a continuum. The company collecting and holding onto data sits at one end of the line, the company’s employees are situated in the middle, and customers are on the other end.
An implicit power dynamic exists between parties. The company is extremely powerful in terms of determining what data is collected and retained, as well as how it is used internally and if it is shared or sold. The employees also have power because at least some have the ability to access and manipulate customer information. Yet, the customers who supply the data generally have no power at all. That’s changing, but it has very much been the status quo for years.
Part of the role of security, in a protective context, is to restore the balance of power to the customers. It is their human right. This is my mission at DataGrail, to restore the balance of power. We will practice what we preach in all areas. As the person responsible for information security, information technology, internal and external compliance, and internal systems, my job is to ensure we hold ourselves accountable to the same high standard we believe others should meet.
Data can be a powerful, and empowering, tool. But the practices surrounding it can range from trying to be responsible citizens, to ignorance and/or indifference, to something far more dangerous. From my perspective, many companies have commoditized human lives and the data that surrounds them to an unacceptable level. For this to change, DataGrail must make data privacy and security simple, seamless, and transparent.
So, how do we do that as a company and specifically as a growing security team? The truth is you can’t do it all at once. It will require a lot of engineering-visible posture improvements over time. Small changes will lead to large changes, but realistically, not everything will work perfectly on the way there. Something that was successful at another company may not function the same way here. We will respond and adapt quickly, with full transparency.
Trust is paramount – not just within the security team but throughout the entire organization, and with our customers and partners. For DataGrail to reach its potential, every team member needs to understand the importance of privacy and security in their own job function as well as within the larger context of the customer’s point of view. This means having a full grasp of how their actions in adding a feature or creating a marketing campaign may impact others.
With this knowledge and a shared company directive to make privacy a human right, trust is built within and woven through the entire framework of our organization. From there, it flows out to customers and partners – and then ultimately the consumers affected by data privacy practices.
To be effective, it can’t be one person or a couple of us against the world, as grand as that might sound. To get anything accomplished, the right team must be in place and fully aligned. I came to DataGrail because a culture of trust and team buy-in is here.
I knew DataGrail CTO Cathy Polinsky from our work together at Shopify, where she earned my respect. She has a similar view and approach to the world as I do, and in a business of trust, she is among the colleagues I trust most. I am thrilled to join her once again.
I also got to know Daniel and the founding team, all the technical folks, well before I joined. I asked a lot of questions. What struck me was the openness and honesty in every teammate’s and executive’s answers to my questions, their desire to get things right, their passion for ensuring the protection of customer data and empowering companies to make data management and security easy.
I believe DataGrail has a rare opportunity to change the data privacy landscape for the better, and I am here to help drive that transformation.