Business social networking site LinkedIn has over 300 million members that trust the site to keep personal information secured. LinkedIn's full-time security team is not massive in size, yet it's able to protect users. How does LinkedIn do it?
Cory Scott, director of Information Security at LinkedIn, and his team protect the site and its members. Security involves protecting against both internal and external threats and follows a robust regimen.
LinkedIn has a number of functional security processes that are scalable, though Scott noted there are some challenges.
"The best security programs put talent ahead of everything else," he said. "So the idea is how to maximize how our talent can touch as much of our products and infrastructure as possible."https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
To that end, LinkedIn does a few different things to maximize its security talent. One of those things is having "office hours" which define how others in the organization can enter the security process. There is also an optimized scoping process for each project to make sure that time and work are not wasted.
"In the last year we did 440 assessments of LinkedIn products, and that was with a staff of five people and a supporting ecosystem team," Scott said.
Watch the full video interview with Cory Scott below:
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.