Enduring short-term risk by putting security before UI / UX

In June 2019, I decided to leave a Fortune 10 company and join Bluescape, a small software startup from Silicon Valley that was 0.001 the size of my old company.

As Bluescape's first CISO, and as someone who ran the 400 meters and mile relay in high school, I couldn't help but feel like the newest member of a team that was highly skilled, extremely motivated and champing at the bit to step out onto the track and show the world that we could win the big race.

In other words, what I was experiencing was energy. Raw, unfiltered, lower-your-head, stare-at-the-track, keep-running-until-you-cross-the-finish-line energy.

Amid all this positive energy, my job was to get started right away and start building a world-class software security program for ten cents on the dollar.

When you're running a race, it's not easy to see other racers start early and take the lead while you stick to your plan of pacing yourself. The temptation to join them can be overwhelming and you can begin to question your strategy.

Bluescape found itself in exactly this situation. We had to make a decision, a decision that would shape the future of our company.

Would we join the jackrabbits who were out ahead with better tools and go-to-market programs? Or would we pace ourselves and implement the security controls and programs that we knew we needed to win the long race?

With collaboration companies focusing on better tools and go-to-market programs, I stuck to our plan and took a calculated risk. I convinced our CEO that while we were looking at our competitors' backs, we had no choice but to focus on security first, even if it meant introducing new tools, features and programs at a later date.

Our customers always wanted better security and we had to keep delivering.

As I settled into my role, I realized that building such a program would begin the endless journey of finding a balance: a balance between introducing new functionality and implementing new or improved security controls.

Finding such a balance is not easy and not without cost. The cost is measured in both money and time. In the short term, one of those costs was our user interface and user experience (UI / UX).

In the end, a decision was made to sacrifice some super cool UI / UX improvements to clean up our code, run higher quality security scans and tests, and implement a solid program to fix security vulnerabilities.

We knew the sacrifice wasn't forever. Over time, our patience paid off.

Our most critical and even less critical vulnerabilities were identified and fixed. More and more tests were automated, giving our UI / UX team time to do what they do best again.

What I found out about myself and Bluescape over the next two years only confirms that this was indeed a race that required extreme discipline to win.

Although we fell behind in the short term, security was our main concern for years and will continue to be. It is the basis of what we do.

The short-term withholding of UI / UX improvements was really an example of horse-before-the-cart management. I applaud the UI / UX team for their patience and progress throughout the race.

Our customers demanded security, but also craved ease of use. Today I'm proud to say they got both.

For the architects and engineers joining Bluescape today, it may seem that the yin and yang of software development and security are in harmony and relatively balanced. This harmony and balance are thanks to a commitment to first-class UI / UX and an open-mindedness towards security.
