One of the big educations I've been getting since joining Akamai's InfoSec group is what it's like to deal with the multiple tasks of compliance from within an organization. As a journalist, I always tackled the subject from the outside, where I'd ask a company which regulations they were bound by, and which security procedures they had adopted as a result.
Now I'm inside a publicly traded corporation that is on the hook for all kinds of regulations, and a lot of the work going on around me is about making sure Akamai is on top of its compliance game.
Two weeks before I officially started, I paid a visit to sit in on some meetings that were part of an audit the company was having done. It started with an overview CSO Andy Ellis gave auditors regarding the main components of our security program. There was also a meeting where representatives from human resources told the auditors about security training they give new employees and the follow-up training employees continue to receive. Having just gone through the training, I can tell you it is extensive. Another meeting dealt with Akamai's Edge Tokenization deployments.
Now I'm watching my colleagues work on the daily bits and pieces that go into our compliance upkeep.
I'm looking at compliance from two angles at all times: there are the internal compliance efforts, and then there are the products we sell to customers to help them with their efforts. I don't pretend to know everything yet. Indeed, it will take time to fully absorb everything. The greatest lesson so far for me is that the work is far deeper and far more complex than what I understood as the outsider looking in.
I see a lot of heavy lifting ahead. But it's going to be fun.