Introducing the LifeOmic Top Ten

It’s been almost six months since I joined LifeOmic, a life sciences / biotech cloud software startup with a mission to help turn precision medicine into a reality. A world-class team of scientists, clinicians and software developers came together to combine cloud software, genomics, machine learning and clinical experience to create a platform capable of ushering in the age of precision medicine.

This mission, in the age of constant and increasingly sophisticated cyberattacks, undoubtedly requires best-in-class cybersecurity.

The past five and a half months have been one of the most exciting and rewarding journeys of my career. Together with the rest of my security team, and in strong collaboration with engineering, we implemented no fewer than eight security solutions, established secure SDLC processes, performed risk assessments and penetration testing, achieved HIPAA compliance, and started automating security testing, production change management and centralized security orchestration. We also realized there were gaps in what was available in the market, so we implemented what would become JupiterOne.

We achieved and learned a lot.

One morning, I was chatting with Phil Gates-Idem (Software Architect at LifeOmic) and Chris Hemp (Director of Development at LifeOmic) as Phil and I prepared for a security talk we were about to give at the local (ISC)2 chapter meeting. I summarized our security model into seven principles, and I needed a catchy moniker. After some short brainstorming and googling, we settled on the Magnificent Seven. That same afternoon, the seven principles became eight, and the Magnificent Seven turned into our Essential Eight – that’s how fast we evolve. 😉

A few weeks later, more feedback and lessons were adopted, and that gave life to, you guessed it, the “LifeOmic Top Ten”.

The LifeOmic Top Ten

A data-centric, cloud-native security model I also refer to as ZeroTrust+. #zerotrustplus

Seven ate nine, in case any of you wonder why we skipped nine. Or maybe we were just following an industry trend set by tech giants like Apple and Microsoft. (Ok, that’s my last poor attempt at humor.)

I’d like to share some of my learnings by walking through these ten items. Here they are; check out for a bit more detail on each one.

  1. Data-centric model; Zero-trust architecture
  2. “Air-Gapped” environments meet short-lived processes
  3. Least-privilege, need-based temporary access
  4. Immutable builds and deploys
  5. End-to-end data protection
  6. Strong yet flexible user access
  7. Watch everything, even the watchers
  8. Usable security
  9. Centralized and automated operations
  10. Regulatory compliant and hacker verified

Using these lessons, we created JupiterOne to help other companies accelerate compliance and certifications and operationalize security in a resource and cost effective way.

This article was originally published on LinkedIn.