
Roberto Arias

Information Security Specialist

Bio

Information security expert. International experience across multiple businesses from fintech to healthcare. Giving expert advice in matter of information security and privacy: Ethical Hacking, Cybersecurity, Vulnerability Assessments, Penetration Testing, Disaster Recovery Plans, Data Breaches, Cloud Security (AWS/GCP), GDPR compliance, cryptocurrencies and other related topics.

Recent Answers

Startup Consulting

Can we have employees and give them individual log in credentials?


Roberto Arias

Information Security Specialist

You would need to expand on your question, but assuming you're building a new business and you want to have individual logins for each employee as opposed to shared credentials, that's a definite yes. Shared credentials should be avoided if not banned unless needed for very special cases. This is part of the very basic security guidelines nowadays. It should be part of your Information Security Policy.

Computer Security

What are the criteria of a safe site?


Roberto Arias

Information Security Specialist

Safety and security are defined differently around the world. I would rank a site as secure if it meets, for example, the Mozilla privacy and security standards (https://foundation.mozilla.org/en/privacynotincluded/about/methodology/). Ideally, I would like to see that they have security certifications (ISO 27001, SOC 2 Type 2, etc.), a bug bounty programme or some sort of third-party verification (pentesting, daily vulnerability scans, etc.). There are many criteria that can be applied, so if you don't want to do the checks yourself (or have an advisor do it), perhaps you can rely on certifications if they're available.

Developers

Who should I ask for help? What kind of person can help me and where could I find them?


Roberto Arias

Information Security Specialist

Of course Stack Overflow; what would modern programming be without it?

WordPress

What challenges will I face with security and scalability using wordpress for a marketplace product?


Roberto Arias

Information Security Specialist

For a small/medium-sized project WordPress might be acceptable. However, if you plan to scale up and expect a lot of traffic it will be quite difficult to keep up. Security of WP has improved in recent years; however, it still relies on PHP, one of the languages that has historically suffered from prevalent security issues. Scalability will be difficult at some point; you will need professional infrastructure to keep a lot of transactions and other operations running smoothly. I would recommend researching dedicated eCommerce platforms; remember WordPress was originally conceived as a blogging platform.

Web Hosting

Is GoDaddy a good hosting option if I want to start small and scale to hundreds of thousands of users?


Roberto Arias

Information Security Specialist

GoDaddy is definitely not the best option for hosting, not even for keeping your domain! I'd recommend getting a reputable hosting company, preferably not using shared hosting. You can check out Google Cloud Platform or Amazon Web Services, which will scale up with your needs.

Legal Advice

As a B2B video agency, what adjustments need to be done for GDPR?


Roberto Arias

Information Security Specialist

Of course, the first part of the process is to identify which personal information you are holding and for what purpose. Based on that you'll have to do an impact assessment and map where all that info is going (I assume you use third parties like Google Apps or Dropbox). You need to collect Data Protection Agreements which should cover GDPR and, of course, update your privacy policy. On the technical side, you need to have appropriate security for protecting such information (such as using encryption on your laptop, or making sure you have "https" on your site when submitting information). The process is, of course, longer than that, but that gives you an idea. Depending on your size it would be a good idea to bring in an external consultant to help you with the process. The UK ICO has good information about what you have to do. https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

Mobile applications

What do you look for when selecting technical/solution architect for a cross-platform mobile app?


Roberto Arias

Information Security Specialist

Please also consider whether the solutions architect has good knowledge of best security practices (or at least some working knowledge and he's able to find what's needed). The last thing you want is to have security gaps that might kill your startup with a security breach. Cross-platform apps might be tricky, and interacting with external third parties might leave you exposed to unwanted threats. Correctly managed, these potential security breaches might be greatly reduced.

Healthcare

What specialty compliance/regulatory legal services are available for a healthcare marketplace startup (e.g. RocketLawyer)?


Roberto Arias

Information Security Specialist

Hi, I work in the security and privacy business in Europe and I can tell you a bit more about point d. You need to make sure you're also bringing in an expert in compliance depending on your jurisdiction (e.g. HIPAA). You might need expert advice to know if you're doing enough to protect private information from patients. A lawyer might have a good knowledge of the regulations; however, a technical expert will also tell you if your measures are enough or if you're falling short and possibly liable. If you're going to do business with Europe to any extent, remember that we do have quite strict guidelines about privacy and it is your responsibility to adequately protect patients' information.

Growth Strategies

Where can I find a software development expert with experience in growing a technology company?


Roberto Arias

Information Security Specialist

After working quite a few years in engineering, I can definitely recommend bringing in an expert that acts as your CTO, who will help you grow a reliable team. She/he will be able to advise you on the best option for growing a team. Make sure this person has the correct balance of experience in a similar project and is someone who can understand your business requirements. This expert will also help you find other experts you might need to get you where you want to be, or hire permanent employees if that's the best option. When you're ready to get your IT security policy as well, then drop me a line; we work with a variety of small-medium businesses with, sometimes, very little knowledge of this area.

Healthcare

Are there different rules/regulations when marketing/selling to a consumer in healthcare compared to other industries?


Roberto Arias

Information Security Specialist

Data security and privacy controls are things to consider carefully. Depending on the jurisdiction you fall in, there can even be legislation that you need to follow (e.g. HIPAA). Having strong data protection and a clear privacy statement is not only good for your peace of mind, it also demonstrates that you care about your customers' data and sets you apart from other healthcare businesses. Here in Europe there are strong directives for protecting personally identifiable data and especially anything related to healthcare.


Areas of Expertise

Privacy, Information Technology, Information Security, Information Architecture, Cloud Security, Security, Data Privacy, Security Audits, Security Management, Internet Security