For Pendo’s CISO, Cybersecurity is a Team Sport
It sometimes feels like we can’t go a day without learning about a new data breach that compromises our privacy, finances, or both. As technology advances, so does the risk of cybercrime.
What does this mean for businesses, especially those that rely on technology not just for daily operations, but as a means for delivering products and services to customers? Solutions that may have worked in the past are no longer sufficient — now, the table stakes for cybersecurity are much higher than just having firewalls and anti-virus software.
Pendo’s chief information security officer, Chuck Kesler, has spent the past 15 years helping companies tackle their cybersecurity challenges. Since joining Pendo in November 2018, he’s been building a cross-functional program based on the premise that every employee has an important role to play in keeping our data and, most importantly, our customers’ data, secure.
Before taking on this CISO role, Chuck spent seven years as the CISO for the Duke University Health System, and before that, six years at Symantec, where he managed a team of security consultants that provided advisory services for customers in a variety of industries. In both of these roles, he led teams that helped solve complex security and compliance challenges for very large enterprises. Chuck points out that “because Pendo is a born-in-the-cloud SaaS startup, the challenges are different — but no less daunting than those that I’ve seen in much larger organizations.”
Putting security at the forefront
One of Chuck’s goals at Pendo is to ensure security is always a primary consideration when product and business decisions are being made.
“In my experience, security isn’t something you can just tack on at the end of the process and expect that it will be effective. You have to think about security from the beginning when you’re building a new product or business process, and be diligent about revisiting your decisions when you find new risks along the way.”
Before Chuck joined, Pendo had already built a solid foundation for a security program — receiving our first SOC2 Type II certification shortly before he started. “I’m proud that we’ve been able to continue and improve upon that work to have that certification renewed again this year,” Chuck says.
In addition to the tactical side of his job, Chuck is also dedicated to creating a security-aware culture at Pendo, first and foremost by making sure conversations around security aren’t limited to an annual training module. In his mind, the cybersecurity practices we learn at work can apply in our personal lives, too.
For example, a lot (read: the majority) of communication at Pendo happens over Slack. So, Chuck decided to meet us where we already were, and created Slack channels for daily cybersecurity discussions — including everything from questions about our security practices as a company, to the latest data breach in the news and how it could impact us.
“I’ve always found that a lot of people are fascinated by what’s happening in the world of cybersecurity and want to learn more. I love seeing people from all over Pendo sharing their perspectives and what they’ve learned in our Slack channels.”
Fostering community around security
As a software company, we know how important it is for our customers to feel confident that the information that they send to Pendo is safe and secure. Chuck often joins conversations with customers to speak to our security compliance and help answer any questions they have, and he’s first in line to help if a customer reports a potential security concern.
“I always enjoy the opportunity to talk to our customers, not just to help explain our security program, but also so that I can get a better understanding of their businesses and how their security teams are addressing their security risks.”
When reflecting on his career in cybersecurity, Chuck said, “I’m incredibly thankful for the opportunity to have worked with and learned from some of the brightest people in the industry.” This interest stretches beyond his day job: one of Chuck’s personal passions is helping people who are interested in a career in cybersecurity get a foot in the door and build their skills.
He hosts monthly meetups for local security groups at Pendo’s office in Raleigh, where it’s not uncommon to see 30 or more current and aspiring security professionals come together on a weekend afternoon to share their knowledge. Chuck is also a frequent speaker at security conferences, and often does guest lectures at North Carolina State University (from which he holds an undergrad degree in Physics and an MBA) and Duke University.