After over a decade of working with startups, private equity, and over the last 5 years of deep big 4 client services acting in different executive roles (CISO, CIO Advisor, Board of Directors support) I am certain there is a need and lack of implementation for adapted information security that is reflective of the size, maturity, and capabilities of the business. This applies independently to the the product and the enterprise as a whole. To that end, I have begun building models of activities to match each level of maturity to try and bring clarity or at least a set of guidelines.
As I share with my clients … in some cases a founder is deciding between EATING and NOT. So every function and feature, including security habits, must contribute to the current needs!
I have begun working with several partners and venture capital firms on this model, but wanted to share a nice post that highlights some very informative ‘Patterns in Hyper-growth Organizations‘ and what needs to be considered (employee type, tools, etc..). Please check it out and I look forward to working with the community on these models.
A snippet on her approach and great details:
We’re going to look at the framework for growth. The goal is to innovate on that growth. In terms of methods, the companies I’ve explored are high-growth, technology-driven and venture-backed organizations. They experience growth and hyper-growth (doubling in size in under 9 months) frequently due to network effects, taking on investment capital, and tapping into a global customer base.
Every company hits organizational break-points. I’ve seen these happening at the following organizational sizes:
- Early : Under 15 employees
- Momentum: 15- 30 employees
- Expansion: 30 – 50 employees
- Growth: 50 – 75 employees
- Scale: 75- 150 employees
- Dunbar: 150+ employees