Belfast-based cybersecurity company, Vertical Structure interviewed Chris Van Es, head of engineering for Instil.
Instil is a software engineering consultancy headquartered in Northern Ireland that helps technology companies globally build the software products of the future. Founded in 2005, Instil is trusted by some of the world’s best known technology companies to create their mission-critical, mobile, desktop and cloud systems, and to train and lead their software teams for success.
Recently, Instil tasked the Vertical Structure team with helping them to achieve ISO 27001 Certification.
Q: We know that gaining ISO 27001 Certification is more than just an end-game – that the process itself can be greatly beneficial to most businesses. What did the process achieve for Instil?
A: We’re a smaller company and security has always been a focus when we’re building software. We just wanted more discipline around that. The process keeps us on the right track. It encourages us to improve our own internal processes as well.
Q: What kind of internal processes did it impact?
A: Mostly in how we secure apps and services, and also, how we manage our hardware.
Q: Are you employing mainly serverless architectures?
A: It’s a combination of serverless or more traditional architectures. It depends on our customer. We have a few projects at the moment that are all serverless. Some applications are more cloud-based, and some are monoliths with a large existing customer base that have been around for many years. We can cover the whole spectrum, really.
Q: Did you undertake any cyber security training with VSL?
A: Around every 12 to 24 months, Simon Whittaker does security training for all of our engineers – we’re now up to 30 plus full time engineers. He goes through OWASP modules, threat modelling, and real-life scenarios where they can put their penetration testing skills to test. It goes down really well – there were a lot of laughs and people really enjoy it. It’s clear that Simon really knows what he’s doing – he has the experience and knowledge and stories to back that up.
Q; How did you find working with the VSL team?
A: Fantastic, we’ve worked with them for quite a few years and we’ve always found them extremely professional, and they go out of their way to help. We worked with Keith Anderson on the ISO certification project – without his help we probably wouldn’t have got through it ourselves. Keith had all the right policies and procedures in place, and he pushed me to do it in a very collaborative, back-and-forth way.
Q: Why is cybersecurity important, in your eyes?
A: It’s all about trust – customers trust us to build reliable and secure applications for them. We owe it to them to do everything we can to minimise the risk of compromise.
