Jim Hundemer, Kalderos' Chief Information Security Officer, has been with Kalderos since its earliest days and was among the first dozen employees hired. His ground-floor involvement reflects the immense significance that Kalderos has always placed on information security.
With two decades of experience in the information security space at life science companies, Jim has spent countless hours protecting data and technology infrastructure. In an interview for the Kalderos blog, Jim shares his approach to information security, how he ended up working in tech and which fast-paced sport he's played at a nationally ranked level.
What is your approach to information security?
In a basic sense, it is guarding the security of our company's information: we're looking to protect information and secure it so that it doesn't fall into the hands of people who aren't supposed to have it.
Looking at what we're securing, it is everything from customer data, to the security of the company and its reputation, to the data and personal information of our employees. Without our employees and their trust, we don't have a company.
At Kalderos, we break down our information security into three major buckets:
- Government, risk and compliance
- Identity and access management
- Cyber security and understanding our threat landscape
To achieve these goals, we have an exceptional team and work with a host of third-party vendors who are monitoring our network around the clock. In the case of incident management, we have our plans and we have backups… and backups for the backups.
You've been with Kalderos from its earliest days—how has information security evolved from then until now?
When I first started at the company, I asked to facilitate a web application penetration test by a trusted and qualified third-party agency. I wasn't sure how it would go, but the test came back with no criticals, no high findings, a couple of medium findings and a few low findings. That is an amazing result for any company, but especially for a small startup. It showed they had been building and deploying applications and infrastructure with security in mind from the beginning.
As we've grown it has been a process of looking at the three main infosec buckets and growing each one of those, taking a layered risk-based approach. Over time I've been able to hire more people and really mature each area.
What stands out about the Kalderos approach to information security?
We're focused on protecting customer data and company data, but we're also very focused on protecting our employees.
I feel strongly that our employees are just as important as anything else in our organization. That's why, for example, when we introduce new security-related initiatives we stay as hands-off as possible to effectively implement them. We don't want to slow the company's productivity down with infosec; in fact, our goal is always to increase productivity when we can.
How did you make your way to working in tech? Were you always into computers?
When I was in high school I got into technical drawing, or "drafting." Back in the day it was rulers, pencils and erasers. I decided to go to college for mechanical drafting, where I was introduced to CAD: computer-aided drafting. There was a computer in a closet-sized room and I used it to very slowly draw a circle. I decided it was too slow for me.
But a year later there was another computer that was twice as fast with instantaneous drawing. What really sold me was the ease of typing words into a text box because I had awful handwriting.
I started taking computer drafting courses and by the end of my time I figured out how to show all my drafting work in one presentation on the computer. After class, my professor pointed out to me that in building the presentation I had just done computer programming, without ever having taken a programming class. From there I enrolled in programming classes and it was all really easy and fun for me. I graduated with a computer science degree and right out of school was recruited to work for a pharmacy benefit management company.
What are your favorite things to do away from the computer screen?
My wife and I live in a house in a nice lakeside community and we're always active. We have a pontoon boat we take out frequently during the warmer months. I also like to play racquetball, and I used to play a lot of tournaments—so many that I was once nationally ranked.
I love living in the Sierra Nevada foothills, between Lake Tahoe and Sacramento. There's tons of hiking, rivers, lakes, mountain biking… we also travel to Tahoe about two or three times a year. Plus my wife and I have seven kids and eight grandchildren all about 90 minutes from us.
Any last thoughts on what you'd like folks to know about information security?
We always want people to be aware, but we're not interested in being restrictive. Ultimately, I see infosec as being about the people and being embedded into the culture of our company.