Compliance Uncomplicated Episode 5: An InfoSec Perspective to Digital Security Success With Nemean Services
Nemean Services’ Information Security Manager, Max Glynn, discusses digital asset security, continuous compliance, and leading a company to information security success in the fifth episode of Drata’s Compliance Uncomplicated podcast.
In the fifth episode of our Compliance Uncomplicated podcast, Max Glynn—Information Security Manager at Nemean Services, recently promoted to Information Risk Assurance Manager for the entire MITMARK group—joins us to discuss digital asset security, continuous compliance, and what it takes to lead your company to information security success.
Drata’s Rick Stevenson, Manager of Cybersecurity Risk Management and Compliance, Helina Medhin, Senior Community Strategist, and I go on a deep dive with Max on how to take an InfoSec approach to securing your company, and how Nemean Services walks the walk.
What Does Nemean Services Do?
Nemean Services, a subsidiary of MITMARK, specializes in secure data storage, audits and confirmation, and recovery of digital assets for institutional investors worldwide. With experience in both the military and financial sectors, they combine the best practices in military protocol and financial services to provide active threat identification, rigorous defense measures, and investigation of digital asset fraud.
The Keys to Information Security Success
No surprise: here at Drata, we take security seriously. Every employee understands their individual responsibilities in ensuring the overall security of the company and how that contributes to ongoing success.
We asked Max for his perspective as an InfoSec Manager, and he gave us several key takeaways for how to guide your company to information security success:
1. Stress Comes With the Territory
“Well, I think any information security manager that isn't stressed constantly is doing their job wrong,” Max (half) jokes. The ever-present threat of cyber attacks requires vigilance and readiness, but the stress doesn't have to be negative. In the role of an InfoSec manager, it’s simply a necessary motivator to keep the organization safe.
2. Overkill Is Better Than Underkill
Staying proactive and taking preventative measures to avoid breaches is key, rather than just being prepared to react to issues after they occur. “We haven't had a breach, and that's because we are very on top of things,” Max notes. “It's better to overkill than underkill when it comes to security, and when in doubt, it's better to be safe than sorry.”
3. Be a Constructive Voice, Not a “No” Voice
“The key thing is it's not just being a ‘no’ voice, it's also being constructive,” Max explains. “It's working with people.”
Being a constructive voice means being solution-oriented when it comes to potential security issues, not just rejecting ideas outright. “My job is, for any new opportunity: How do we make it secure? How do we make it safe? That's my main goal.”
4. Teamwork Makes Security
“You need to build it into people that everyone is a stakeholder and everyone is responsible,” says Max. “It's educating people, it's making people aware. But again, it's working with them.”
Building security into everyone's mindset means that it becomes a shared responsibility, not just the responsibility of the information security manager. By working together, businesses can create a culture of security that protects everyone.
5. Keep People Engaged With Clear Communication
“Most of my job is actually communication. It's explaining,” Max points out. “It’s being able to not only understand [complex compliance language], but understand it well enough that I can then communicate it to other people who don't really have time to sit through long, lengthy explanations.”
“You want to keep people engaged… make it easy to understand.”
6. Have a Growth Mindset
Digital asset adoption continues to grow rapidly, and Nemean Services is ready to grow with it.
“We are in a fascinating time of technology and admittedly it is a time—again, being a risk manager—to be cautious. But it's also a time to think, okay: Where can this go? And where are the new business opportunities?”
An InfoSec Manager’s Perspective on Compliance
We asked Max how he would explain compliance in basic terms.
“Making sure that everyone is following the rules and no one gets in trouble… It means that you have a clear, defined scope and process for everything, and that everything has been tried—and is constantly tried and tested—to make sure that risk is minimized.”
Why is it critical for Nemean Services to demonstrate compliance?
“I mean, one: It's a competitive edge,” Max points out. “We need to show that like, listen, not only are we gonna be good, we are gonna be better than our potential competition… It’s that demonstration, being able to talk through it.”
“It's the assurance. It's showing that we have been audited. Here's our SOC 2 report, here shows what we’ve been audited against. Here's us proving that what we say we do is actually done. Here's our ISO that shows we've got the framework.”
Plus, it’s a positive feedback cycle for the whole business. “By having trust, [customers are] then willing to spend more money. And then by having more money, you can improve your systems, which builds more trust.”
The Importance of Continuous Compliance
Speaking of SOC 2 reports, we dive into the topic of continuous compliance vs. point-in-time compliance.
“Once you've got your Type 2 report, no one wants to see your Type 1 report,” Max points out. “Because Type 1 is a snapshot in time, whereas Type 2 is an observation over a period. That's better because it shows continuity.”
Continuous compliance is important because things are constantly changing. Max goes on to say, “One way to approach this is by looking at your information security management system (ISMS) as a living, breathing thing.
“Things are changing constantly… there are new laws potentially being brought out. If you’re not staying on top of these things, they'll mount up and suddenly it'll be death by a thousand cuts. There'll be everything, everywhere, all at once, just caving in on top of itself.”
Max emphasizes the key to having a healthy ISMS. “It has to be treated as if it's living. The only way you can do that is with continuous compliance—continuous observation.”
Where to Listen and Learn More
Check out the entire fifth episode of Compliance Uncomplicated on Spotify, Apple Podcasts, YouTube, and Amazon Music.
Visit Nemean Services to learn more about their services and the work they do helping investors worldwide secure their digital assets.
Want to join the conversation? You can discuss this episode on Drata’s community, Secured, or subscribe to our newsletter, Trusted, to keep up with the latest news.