vCISO Insights

How Replacing My Roof Mirrored Information Security – Part 4

Part 4 in a series of articles that relates information security to replacing and constructing a shingle-based roof (take it step by step!).

Baby Steps

In security, we often want to boil the ocean! Rebuilding a roof is a series of small steps, each one significant and built upon the other.

First, the rafters, eaves, and fascia. Then, the plywood and flashing. Afterward, paper, and then finally, the shingles.

Each one builds on the other. Each one is insignificant alone, but fundamental together. Putting together an Information Security Program works the same way.


  • Find your unknown unknowns.
  • Stop the bleeding.
  • Put together a plan.
  • Start healing and building.
  • Revisit the plan often, execute, iterate.

Moral of the Story

Rome was not built in a day. Slow and steady wins the race.

Little streams make big rivers.

You get the picture: take each step one at a time. 🙂

Looking to build and secure something big? Get in touch…

If this article was helpful to you, consider subscribing to my weekly newsletter, where I share my latest commentary as a vCISO for high-growth startups.

Check out how we help startups accelerate and level up their security programs through vCISO (CISO As A Service).

Ayman Elsawah
January 10, 2019