Build Better Defenses
October 29–30, 2017: Training
October 30–November 1, 2017: Tutorials & Conference
New York, NY

Enterprise SaaS startups: The business case for security

Kyle Randolph (Optimizely)
1:15pm–1:55pm Wednesday, November 1, 2017

Who is this presentation for?

  • Software, security, and DevOps engineers, product managers, and product counsel

Prerequisite knowledge

  • Familiarity with basic security and cloud concepts

What you'll learn

  • Learn pragmatic approaches to meeting customer expectations without compromising your Agile, cloudy ways of building software
  • Understand how to make the business case for security and privacy and minimize the impact of security compliance on engineering
  • Discover the top concerns of prospective customers' security teams that could kill your deal


It’s a huge act of trust for an established company to allow a startup access to its data and infrastructure. Kyle Randolph shares lessons learned building an enterprise SaaS startup, where security went from zero to paramount as the company scaled.

Topics include:

  • Understanding the customer’s needs: Customers want to find out if you’re secure. From SDL to authentication to testing, Kyle covers the common practices that matter most and helps translate expectations from another era into security best practices in an Agile, SaaS/PaaS/IaaS environment.
  • Getting the suits on board: Security’s great, but features make your customers successful. Kyle explains how to collect customer requests for security and build a business case that will score engineering investment in security, helping sell more product.
  • Enabling engineering: If you build the security customers ask for, you’ll get an IT closet with a rack of servers and firewalls running Windows 2000 with AV. Your risk of introducing vulnerabilities will be minimized because it will require an act of Congress for a developer to deploy a change. Kyle details how to get excellent security for the lowest effort and with minimized impact to how you ship code.
  • When to compliance up: Customers use standards like ISO 27001, SOC-2, and PCI as proxies for security. Others need them for regulatory reasons or to be able to process credit cards. Kyle outlines how to evaluate security standards and figure out when they make sense on your roadmap.

Kyle Randolph


Kyle Randolph is the senior director for security, privacy, and compliance at Optimizely. Kyle has over 15 years of experience growing security teams from zero, building Twitter-scale defenses to protect millions of users, and scaling security programs at companies of all sizes.

Comments on this page are now closed.


ky guidat
11/05/2017 9:04pm EST

I like it

Kyle Randolph
11/01/2017 10:24am EDT

Had a great time sharing this today! Slides and speaker notes at