Reputational Risk and Third-Party ValidationCA Veracode's Ryan Davis on the Value of Security Ratings
Security ratings are increasingly popular as a means of selecting and monitoring vendors. But Ryan Davis at CA Veracode also uses BitSight's ratings as a means of benchmarking his own organization for internal and external uses.
"Taking somebody's word for it isn't enough these days," says Davis, an Information Security Manager at CA Veracode. "You can't just say 'Oh, yeah, well that person said they're secure ..."
For CA Veracode, security ratings provided by BitSight offer validation to prospective customers. "We want [customers] to be able to have that comfort that somebody else is also asserting that we're secure."
In an interview about the value of security ratings, Davis discusses:
- How he employs BitSight Security Ratings;
- The business value - internally and externally;
- How these ratings can be a competitive differentiator.
Davis is CA Veracode's Information Security Manager. He is responsible for ensuring the security and compliance of thousands of assets in a highly scalable SaaS environment. Davis has more than 15 years of experience in information technology and security in various industries.
Prior to joining CA Veracode, Davis supported a number of different Department of Defense customers at MIT Lincoln Laboratory in various Information Assurance roles.