Skip to content

    Why I Joined Basis Theory as CISO

    How Basis Theory hired its CISO and his plans for using security and compliance to drive revenue
    Picture of Brandon Sterne ·
    Basis Theory News

    Love is a strong word, typically reserved for my family and my favorite music. 

    But I love security, and I love compliance. And if I do my job correctly, more and more of the security and compliance burden will shift from our customers to a platform that supports customer success and customer trust. 

    In my experience, compliance is the natural byproduct of having efficient, well-implemented security programs. We start from a place where security and privacy is built into everything we do—compliance is just a matter of proving it. 

    That’s why I joined Basis Theory as Chief Information Security Officer. I have the unique opportunity to use security as a way of driving revenue and creating value. Cybersecurity is not just a cost center, which it can be perceived as. 

    Product Fit

    As I combed through the marketing materials and spoke with other CISOs and a few investors, I’m not sure there’s a more developer-friendly payments vault in the market. Once I began digging into the developer docs and realized how easy it was to deploy these tools, there’s a reason so many customers and users love the product. 

    PCI imposes over 300 individual controls on merchants who transmit, process, and store card data. The burden on these companies can be staggering. 

    I've worked at multiple tech companies that have chosen to travel that path alone, and the cost to build and maintain that infrastructure is hard to overstate. Each PCI environment I was responsible for required dedicated teams to build, secure, and monitor it, and they had to support annual audits to keep operating. 

    Basis Theory exists to simplify our customers' lives and do all the heavy security and compliance lifting on their behalf. We can focus on creating a rock-solid, secure data platform and let our customers focus on their core business.

    In the months I've been on the job, I've already had an impact. And that’s why I joined the team—a lot of my experience is in product security, so I've been able to introduce automation to identify unused code. I've merged my first commits, which deleted several hundred lines of code we no longer needed. 

    As a security professional, that's one of the most satisfying changes to make because it reduces our attack surface and lowers the possibility of a vulnerability in that code. 

    I'm working on other changes to add more automation and efficiency to our dependency management. I'm very interested in software supply chain security and making sure we have the most trusted payment data platform in the world.

    Culture Fit

    Aside from a really great product, the people behind it is why I ultimately decided to join the Basis Theory team. Early in my interview process, I saw the founder and business leaders operating with values that truly resonated with me. They want to build a scalable business, and they want to do it smartly—not with a growth-at-all-costs mindset. 

    Having been here for just over two months, I can see I judged my coworkers correctly. They manage to keep a high degree of autonomy and ownership of each individual's work while being generous with their time and quick to jump in to help each other. Just this week, I've had teammates walk me through our test and deploy pipelines so that I can confidently make changes to our product. We have a value that our success will come as a team and not through individual heroics. It's very motivating, personally, to work in this environment, and I believe this will translate into success for the company.

    It excites me about how we can disrupt this market and take power back on behalf of our customers. We have an unorthodox thinking process and an attitude that should come through to a wide variety of professionals—whether that’s a cybersecurity practitioner, merchant, or payment professional.

    Basis Theory is a team that questions conventional wisdom and challenges our own assumptions. We’ve found that these types of thought processes are safeguards against getting lulled to sleep and missing something critical to the business. I'm excited to help deliver these values to our customers through our products, and to build a brand that is synonymous with great security.

    Hear from Basis Theory President Casey Clegg on why he joined Basis Theory

    De-Risk Payments. De-Scope Compliance.   Accelerate time-to-compliance and eliminate nearly 90% of the PCI DSS Level 1 requirements using Basis theory.  

    Stay Connected

    Receive the latest updates straight to your inbox