Employee Spotlight: Kevin Winter, VP of Information Security

On a regular basis, we talk with our team members about their experience working at Canoe, and their future goals and aspirations. This week, we spoke with Kevin Winter, VP of Information Security.

What drew you to join Canoe? Are there specific aspects of the company’s trajectory that were most exciting for you?

My recent roles were focused on building Security and Compliance programs from the ground up. Initially, I was drawn to Canoe to help solidify a Security program and add a structured approach to Compliance and Security. What particularly caught my attention was Canoe’s impressive and consistent growth trajectory. It was evident that the leadership showed a need and desire to do things the right way with regard to Security and Compliance, reflecting both the company’s product offerings and the caliber of its brilliant and dedicated employees.

What does overseeing information security look like for a SaaS company? 

Overseeing information security for a SaaS company entails adapting security programs to suit the needs of the products being offered. Given the nature of software production, there’s often a higher reliance on remote work and a bigger emphasis on data privacy.

This requires robust Governance, Risk and Compliance measures, including security frameworks, policies, rules, buy-in from leadership and employee training. To ensure consistency and efficacy, standardized processes must be established and rigorously enforced across the organization.

What led you to working in infosec? What do you find most rewarding? 

With around 25 years in IT, my journey into infosec began with my first roles, where I tackled the challenge of building fixes for emerging viruses. Back then, antivirus companies were slower to catch and provide resolutions for malicious activities like the Melissa virus. The thrill of deconstructing these threats, building preventative measures, and writing scripts to reverse their damage was very exciting. Fast forward to my time at Canoe, and these experiences have provided me with a hindsight view of how to prevent and protect against security and privacy risks.

How has information security evolved over the past few years, and what innovations are you most excited about? 

This is a good question, and there are so many areas where evolution has taken place in information security. One of the most exciting developments is the growth of the DevSecOps area, which is the integration of Security into application development, infrastructure development, DevOps and Agile processes.

Considering the evolution of application development, Infrastructure as Code, PaaS and SaaS, the ability to spin up new environments can happen in a snap. This varies tremendously from the previous days when a server was built, perhaps from an image, and then security protocols were tacked on. This was not only a time-consuming process, but also created opportunities to miss security reviews or cause Security to be the bottleneck at the end of the process.

DevSecOps aims to include security as part of the process and address security issues as they arise, which saves time, resources and money. Canoe has adopted this model and it has allowed the company to stay on the leading edge of creativity with the integrated reduction of risk. A dream for any security team!

Who or what has been particularly influential in your career? Why? 

The most influential experiences for me happened early in my career when I served in the US Coast Guard. The USCG’s mantra is Semper Paratus: “Always Ready”. Being in an environment where you must first ready yourself to help others in unpredictable emergency situations really changed my mindset at a young age. The requirement to plan ahead, considering possible outcomes, and practice that plan applies in a Security role today.