Build Better Defenses
October 29–30, 2017: Training
October 30–November 1, 2017: Tutorials & Conference
New York, NY

Top 15 things we wish every company had already done before acquisition

Ruchi Shah (Google), Michael Sinno (Google)
1:15pm–1:55pm Tuesday, October 31, 2017

Who is this presentation for?

  • Security engineers and managers, IT managers, and system administrators

Prerequisite knowledge

  • Familiarity with general security policies

What you'll learn

  • Explore the top 15 security gotchas for most companies


Ruchi Shah and Michael Sinno share the top 15 things that Google Security worries about when acquiring or starting a company and explain how they address them in order to protect both the entity and Google itself. Along the way, Ruchi and Michael cover the people, process, and technology aspects of information security that companies should pay attention to when acquiring or starting out.

Topics include:

  1. Building a security culture in which security is everybody’s responsibility
  2. Incorporating SDLC, application security reviews, and testing
  3. Building strategy, methodology, and plans around patch management and change management
  4. Laying out access controls to critical systems and data
  5. Assessing vendor security controls prior to outsourcing
  6. Maintaining a robust asset inventory
  7. Hardening servers, clients, and platforms
  8. Setting up vulnerability scanning for perimeter and internal networks
  9. Setting up monitoring/detection and response programs
  10. Configuring multifactor authentication
  11. Key management and credential management
  12. Automating configuration management
  13. Segmenting networks based on different trust levels
  14. Establishing phishing protections
  15. Ensuring encryption in transit and encryption at rest

Ruchi Shah


Ruchi Shah is a senior technical program manager in security at Google, where she leads a team whose mission is to secure acquisitions and Alphabets. Ruchi has over 12 years of experience in security. Previously, she spun up the Subsidiary Security Program at Amazon and managed the product roadmap for AWS Identity and Access Management and AWS Key Management Services. Ruchi also worked at Deloitte and Touche LLP and Ernst & Young, where she helped clients implement security solutions ranging from identity and access management (IAM) and security information and event management (SIEM) to network security products.


Michael Sinno


Michael Sinno is a manager on Google’s M&A Technology Integrations team, which is responsible for the onboarding and integration of all Google acquisitions. In his decade at Google, Michael has worked on both security- and nonsecurity-related technologies within Google’s corporate infrastructure. Previously, he worked at Microsoft and a number of financial services companies.