Yet security work is never done.
The more pride we take in our work, the harder those adversaries try to undermine our efforts. We have written a white paper to share how Dwolla does security and the thoughtful approach Dwolla takes with InfoSec.
Ben Schmitt, Dwolla’s Vice President of Information Security, is a believer in playing very good defense against prospective threats.
As a member of SecDSM—a monthly meetup providing networking opportunities for InfoSec professionals—Schmitt says he’s learned that simply being a “defender,” without understanding who he is defending against, is only half the battle.
That knowledge has affected many of his InfoSec philosophies.
“So now we are continuously testing because we should know some adversarial techniques,” Schmitt says. “There are tools and techniques we can use against ourselves to validate that our controls are working. So my team’s job isn’t just to play elite defense, it’s to know how the offense works too. For example, we monitor for lateral movement across systems and validate our alerting through the generation of inter-segment traffic attempts.”
Dwolla’s InfoSec team put together the following White Paper to go into detail about the sophisticated practices Dwolla uses to protect and store data. The White Paper discusses cryptography, endpoint security, border protection and what we provide customers looking to integrate with Dwolla.