Risk Grustlers / Episode #13

Security on a shoestring budget

featuring Kevin Qiu

Kevin Qiu, a seasoned Information Security Professional, joins us on the latest episode of Risk Grustlers to share his journey from Big Four consulting to tech startups, offering invaluable insights on building effective security programs on a limited budget.

Don’t miss Kevin’s practical tips for adapting security infrastructure, managing compliance, and tackling challenges unique to small and medium-sized businesses. Tune in for a masterclass on the must-dos of building a security strategy!

“Don’t just buy any tool off the shelf because you need one specific feature. That is how your budget becomes bloated. If you can develop it in-house, if it makes sense to do so, then do that before you go and spend money on it.”

“One common mistake among startups is neglecting to maintain compliance post-certification. Many overlook the continuous monitoring required, leading to frantic efforts to catch up during surveillance audits.”

“Startups often rely heavily on third-party tools. Knowing your vendors is crucial. If a vendor is breached and you didn't even know your team used them, you're in big trouble.”


In this episode, Kevin offers a unique perspective on the differences in security infrastructure between large enterprises and startups, highlighting the need for adaptability in smaller companies.

Kevin delves into the key areas mid-sized companies should focus on when building an effective security program, emphasizing practical steps and strategic planning. 

He also addresses the common perception that compliance is merely box-ticking, discussing its true value and importance in maintaining robust security.

Tune in to uncover practical tips for building a robust security program in small to medium-sized companies.
