When not one, but two vendor security questionnaires from potential enterprise customers were presented as requisites to do business, the team at HireBrain, a hiring enablement platform company, began weighing their options on how best to tackle the incoming security requirements.
Outsourcing a CISO or building an information security program themselves were the first options that came to mind. However, as a startup, their budget and bandwidth would be among the primary factors that would drive their decision.
“[A security program] became something that we needed, but didn’t want to set it up ourselves,” said Julie Goff, HireBrain COO. “It was a showstopper for these two enterprise customers. We were in the sales cycle with them, and we were either going to get to a place where they wanted to do business with us or they weren’t. So it was a natural impetus to get our house in order, but we also wanted to do it in the nimblest way we could.”
The organization sought to strike that balance between protecting their customer data with a robust program without creating excessive workloads for everyone on the team.
Rohan Mishra, Director of Engineering at HireBrain recommended his team reach out to Ostendio, with whom he had worked in the past.
“I didn't even know these tools existed until Rohan brought it to us, so I was really excited because financially it was not nearly as costly as a fractional CISO,” Goff said.
“Even if you find someone else to [manage your security], there are going to be things they want from you,” Mishra said. “No third-party CISO will know everything that’s going on in your company. You know everything that's going on in your company and outsourcing the creation of a policy to someone else that you are not going to follow is not beneficial.”
With the organization’s security, budget, and bandwidth in mind, HireBrain officially kicked off their in-house security plan with Ostendio.