Live Webinar | 26 June 2025 9AM PT
From Black Box to Boardroom: Operationalizing Trust in AI Governance
HomePodcast

Security on a shoestring budget

Featuring

Kevin Qiu

Kevin Qiu, Head of Security at Shiftsmart, joins us on the latest episode of Risk Grustlers to share his journey from Big Four consulting to tech startups, offering invaluable insights on building effective security programs on a limited budget. Don’t miss Kevin’s practical tips for adapting security infrastructure, managing compliance, and tackling challenges unique to small and medium-sized businesses. Tune in for a masterclass on must do’s when building a security strategy!

Category

Kevin Qiu

Head of Security, Shiftsmart

Security on a shoestring budget

00:00 / 00:00

Listen on Your favourite platforms

Description

In this episode, Kevin offers a unique perspective on the differences in security infrastructure between large enterprises and startups, highlighting the need for adaptability in smaller companies.

Kevin delves into the key areas mid-sized companies should focus on when building an effective security program, emphasizing practical steps and strategic planning.

He also addresses the common perception that compliance is merely box-ticking, discussing its true value and importance in maintaining robust security.

Tune in to uncover practical tips for building a robust security program in small to medium-sized companies.

Highlights from the episode

  • Kevin’s career transition
  • Challenges in startups vs. large enterprises
  • Building a security program in mid-sized companies
  • Compliance vs. real security
“Don’t just buy any tool off the shelf because you need one specific feature. That is how your budget becomes bloated. If you can develop it in-house, if it makes sense to do so, then do that before you go and spend money on it.”

“One common mistake among startups is neglecting to maintain compliance post-certification. Many overlook the continuous monitoring required, leading to frantic efforts to catch up during surveillance audits.”

“Startups often rely heavily on third-party tools. Knowing your vendors is crucial. If a vendor is breached and you didn't even know your team used them, you're in big trouble.”
Subscribe to our newsletter
Get monthly updates and curated industry insights
Subscribe
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Join the Unlimited

Get that doubles sales or startups is send a performance

Book a Demo

Share on

Join our community and be the first to know about updates!

Subscribe
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Ready to see what security-first GRC really looks like?

The Scrut Platform helps you move fast, stay compliant, and build securely from the start.

Book a Demo
Book a Demo