Bootstrapping Security in the Wild: A Ground-Up Guide for Remote-First Teams

By Aditya Dev

Elevator Pitch

How to build Sec & IT ops in a fully remote startup—without grinding teams to a halt or panicking about audits? If you are the 1st (or only) security hire, this talk shares practical perspectives on:

  • Changing your approach to Security & Privacy
  • Zero-Trust device enrolment
  • Ubiquitous IT support

Description

Topics

Zero-Trust Device Enrolment

Using MDM server assignments so that every employee's hardware and access are delivered in an unopened box on Day 1 and revoked on Day X.

Ubiquitous IT support

Building a low-friction Service Desk using Slack, Jira etc. for compliance purposes. Why it matters to make it easier for people to ask for help without context switching, the pitfalls of not providing timely assistance to employees, and the security implications of solutions that were built in silos.

Decentralizing GRC and Vendor Management

  • Creating a vendor management process that Finance, Legal, IT and Security can share ownership of, and keep up to date
  • Assigning app ownership for accountability and getting help to maintain audit posture

Zero Trust SSO Adoption

  • SSO adoption as a security boundary, not just IAM hygiene
  • The overhead of dynamically elevating and de-elevating roles based on risk and need

These points will be accompanied by real-life examples of how and why they are on my list of talking points. Think of this talk as a set of scalable, non-theoretical patterns that work because they are field-tested, built under pressure, and drawn from real companies with real constraints. If you’re navigating the middle ground between startup chaos and compliance maturity, this talk is designed to give you a framework to work from.

Notes

I’m an engineer with over 8 years of experience in full-stack software development, security engineering and IT operations. I have worked on-site, in a hybrid setting, and remotely at multinational conglomerates and one-floor startups worldwide. I currently lead Security and IT at a global, privacy-focused company. My work focuses on seamlessly building scalable and audit-ready systems surrounding internal operations, engineering practices, and infrastructure systems with minimal disruptions, before they become scaling problems. This is my first conference talk.