The Security Collective

Episode #1: Security in Context with Jonathan Werrett

“The team should reflect the risks that your particular organization faces”

— Jonathan Werrett

Jonathan Werrett is the head of information security at Fitbit; prior to that, he ran product security at Palantir. Jonathan has spent the last decade building infosec teams and maturing security operations. His roles have spanned security engineering in Silicon Valley, pentesting in APAC, and DevOps/SRE in Europe.

During this episode, Jonathan shares core principles to follow when hiring and building a team in information security. Learn how to find ideal leadership even when the talent pool is subpar, and explore the role diversity plays in the hiring process. Listen to the end to hear some of Jonathan's hardest lessons learned during his 15+ years in the industry.

Time Stamps:

  • 00:27 - Jonathan’s background and introduction

  • 02:12 - Principles to follow when hiring a new team

  • 02:39 - “The team should reflect the risks that your particular organization faces” - Jonathan Werrett

  • 03:28 - The security team's role in proper context

  • 08:55 - Building and hiring a team in information security

  • 13:22 - Skills and roles that can be outsourced

  • 14:02 - “You don’t need a full-time red team even if you’re multinational” - Jonathan Werrett

  • 16:22 - The role diversity plays in the hiring process

  • 16:45 - “More diverse teams come up with better solutions over time” - Jonathan Werrett

  • 18:16 - Finding ideal leadership even when the talent pool is subpar

  • 23:55 - Hardest lessons learned in this industry