Growing Pains: Incorporating Security into IT for Small Business

Ever wonder what it’s like to grow a company’s infrastructure and security from a mom-and-pop, just-make-it-work situation to incorporate frameworks like ITIL, OWASP, CIS and NIST? Do you muse over the internal conflict between Confidentiality, Integrity and Availability? Ever lost a crap-load of data and wondered if you still had a job? Do you not havea security department but still need security? Ever been told you can’t get there from here, and you replied, “oh yeah? watch this!” What follows are anecdotes and lessons learned while incorporating security principals and frameworks in an organization as it progresses from small business to a $30 million organization.