COVER STORY
Steve Kinman, Zalando’s Group CISO
A company’s success can be heavily
defined by the strength of
its cybersecurity strategy when
responding to and preparing
for cyberattacks. Steve Kinman,
Zalando’s Group CISO, discusses
the company’s cybersecurity
approach and how it has
overcome security challenges
during COVID-19.
ZALANDO PROFITS FROM ROBUST CYBERSECURITY APPROACH
As one of Europe’s leading
eCommerce companies,
Zalando offers fashion
and lifestyle products to
customers across the region. Having a
robust cybersecurity strategy in place
is a defining factor to its success and
crucial to prosperity. Steve Kinman,
Group CISO, Zalando, explains more.
Can you tell us about your
role and how it contributes to
Zalando’s security efforts?
I am the Group CISO and was hired to
change the way we visualise security,
the overall strategy, and how we put
security operations, product security
and baseline controls in place. I cover
all of our customer-facing products
like Zalando Fashion Store, Zalando
Lounge, Zalon, and our Partner Platform
product security.
How does Zalando ensure
it operates with a strong
cybersecurity posture?
In my background, I’ve created
everything based on frameworks, so
I generally take NIST 800-53 Risk
Framework controls and then tailor them
with more specific controls to meet
the company’s required needs. We
call these ‘Core Controls’. Everything
we implement, no matter if it is teams,
technology, or processes, is tied back
to those core controls, and they are our
North Star when designing principles,
policies, standards, or guidelines.
Once the controls are in place and
continuously monitored for effectiveness,
we complete quarterly assurance testing
combined with internal and external
assessments and base our overall
security posture on that testing outcome.
These controls are essential when things