Jonathan Werrett is the head of information security at FitBit and prior to that, he ran product security at Palantir. Jonathan has spent the last decade building infosec teams and maturing security operations. His roles have spanned security engineering in Silicon Valley, pentesting in APAC, and devops/SRE in Europe.
During this episode, Jonathan will share core principles to follow when hiring and building a team in information security. Learn to find ideal leadership even when the talent pool is subpar and explore the importance diversity plays in the hiring process. Listen to the end to hear some of Jonathan's hardest lessons learned during his 15+ years in the industry.
00:27 - Jonathan’s background and introduction
02:12 - Principles to follow when hiring a new team
02:39 - “The team should reflect the risks that your particular organization faces” - Jonathan Werrett
03:28 - Security teams role in proper context
08:55 - Building and hiring a team in information security
13:22 - Skills and roles that can be outsourced
14:02 - “You don’t need a full time red team even if your multinational” - Jonathan Werrett
16:22 - The importance diversity plays a role in the hiring process
16:45 - “More diverse teams come up with better solutions over time” - Jonathan Werrett
18:16 - Finding ideal leadership even when the talent pool is subpar
23:55 - Hardest lessons learned in this industry