July 31, 2024

A conversation on Security, Compliance & more at Everest Base Camp - Part 2

Bil Harmer (Craft Ventures) and Josh Mullis (Productiv) join us in the Himalayas after a trip from Kathmandu to Everest Base Camp. In Part 1 of this In Security Podcast, Pukar, Bil, Ruth and Josh discuss the nature of security reviews and how challenging they tend to be.

Experiencing Everest Base Camp

In Part Two of Episode 10, SecurityPal’s Pukar Hamal and Ruth Rafalovich are joined by Josh Mullis, Head of InfoSec at Productiv, and Bil Harmer, Operating Partner at Craft Ventures, at Everest Base Camp. The group reflects on the awe-inspiring experience of landing in a helicopter at 13,000 feet and sharing an unforgettable conversation among the Himalayas. After the landing, the silence allowed voices to carry over long distances, emphasizing the isolation of the setting.

No camera could fully capture the feeling of being there. They described moments of being choked up and a sense of insignificance amid the grandeur of the mountains, which overwhelmed and humbled them and left a lasting impression.

The peaceful environment at high altitudes starkly contrasted with the hustle and bustle of everyday life.

About our guests

William (Bil) Harmer is a seasoned IT professional with decades of experience in security. He has led initiatives for diverse organizations and held roles such as Chief Security Officer and Chief Information Security Officer at companies including GoodData and SAP. Currently, he is an operating partner at Craft Ventures, where he continues to leverage his extensive security experience. Bil recently visited the SecurityPal Operations Command Center in Kathmandu.

Josh Mullis, CISSP, is Head of Information Security at Productiv. A seasoned cybersecurity professional and former Director of Cyber Security at PwC, Josh brings extensive experience and knowledge to his role. He actively engages with trends, focusing on SaaS governance and the impact of AI on IT security. Josh recently hosted a session with our team, sharing insights on the Cyber Market and its evolution.

Key takeaways

  • Do security questionnaires act as a "trip wire" for vendors, and can allowing customer penetration tests offer valuable insights and act as a "free bug bounty"?
  • How do security assessments impact a vendor's risk profile, and should ignoring them increase risk metrics?
  • Are startups more transparent and flexible with security assessments than larger companies needing extensive sign-offs?
  • How does the "trust center" model for self-service security documentation streamline processes, hinder direct communication, and pose challenges for small to mid-market companies?

Visiting SecurityPal’s Kathmandu headquarters

We were excited to host Bil and Josh at our headquarters in Kathmandu, Nepal. Their first impressions of the SecurityPal office and team in Kathmandu were overwhelmingly positive. Bil and Josh were particularly impressed by the office's facilities and attention to detail, noting security measures like badge-in/badge-out protocols and multiple internet connections as indicators of professionalism.

Bil and Josh described the SecurityPal team as "hungry," motivated and fully bought into the company's vision. For example, they observed one employee who, despite moving from the night shift to the day shift, frequently checked in on the night shift to ensure everything ran smoothly. Bil was impressed to see this level of personal commitment, which is a critical factor in our success.

Bil and Josh appreciated the lack of hierarchical distinctions, like the absence of a CEO’s office, as a positive aspect of our company culture. They noted significant improvements in our service level agreements, with faster response times and a dedicated approach to customer support. We've built confidence in our customers and partners by quickly addressing customer feedback. Our turnaround times have improved from a 5-day SLA to a 48-hour SLA, with the option to expedite to a day, reflecting our team's dedication and hard work.

Our focus on empathy, listening to customers, and maintaining transparent communication has fostered strong customer relationships like Josh's. The team openly discusses how customer feedback has always been paramount for refining our processes and services and has directly led to enhancements in our operations. Engaging with customers and valuing their input has helped build stronger, more trusting relationships.

Pukar and Ruth sincerely thank our customers and partners for their support and feedback. The collaborative journey, including the trip to Nepal, is a testament to the strong relationships built over time.

This concludes Season One of the “In Security” podcast. We look forward to providing more insightful discussions and valuable content in Season Two. Stay tuned for updates, and thank you for being part of our journey.

The “In Security” podcast brings you conversations and thoughts on the shifting landscape of security, Governance, Risk, and Compliance (GRC), technology, and beyond. Featuring insights from industry executives and leaders in cybersecurity and GRC, we explore the crucial strategies, trends, and stories shaping our ever-evolving digital world.

Nirvana Karkee
Content Writer