Program Management: Don’t Overlook Scaling When it Comes to Security
Insights Into Scaling Securely by NXTMOVES

As an organization scales—whether that means adding more employees, users, or customers, or handling greater volumes of data—program managers face a wide range of critical decisions.

These aren’t just abstract concerns—they're the kind that can keep you up at night. And when you're delivering a platform to banks and customers who expect seamless, secure service, the stakes are even higher.

That’s why trusting your program to experts makes all the difference. Our very own Co-Founder, Walter H., shares his insights on scaling securely:

“As a program manager overseeing multiple streams of data and interactions in payment-related environments, I’ve learned that security is not a one-and-done task. It’s not as simple as flipping a switch labeled ‘Two-Factor Authentication.’ There’s a complex web of factors at play, even before you get to compliance and regulatory scrutiny. So, if we’re going back to fundamentals, here’s how I approach the landscape—no matter where you are in your journey.

1. Data Protection Hurdles

Challenges:

  • Dispersed Data Repositories: Growth often brings fragmented data across various legacy and modern systems, complicating consistent security protocols.
  • High-Value Target: Financial institutions are prime targets for cyberattacks due to the sensitive personal and financial data they handle.
  • Elevated Insider Risk: A larger workforce and more third-party partners increase the potential for internal threats—both accidental and intentional.

Difficulties:

  • Continuous Monitoring: Security isn’t static. It demands regular audits, updates, and patches to stay ahead of vulnerabilities and in line with regulations.
  • Encryption Consistency: Ensuring robust encryption for data at rest and in transit, especially during migrations or cloud transitions, can be technically complex.
  • Regulatory Pressure: Staying compliant with an expanding set of regulations like PCI DSS and GDPR can strain even well-staffed security teams.

2. Security Implications of Scaling

Challenges:

  • Security Lagging Behind Growth: Rapid expansion can outpace the maturity of your security frameworks and policies.
  • Access Management Complexity: As user roles and systems multiply, so does the difficulty of managing who has access to what.
  • Cloud Misconfigurations: Moving to the cloud introduces risks like exposed data storage or incorrectly set permissions.

Difficulties:

  • Incomplete Zero Trust Adoption: Implementing Zero Trust across the board is challenging, especially with legacy systems and internal resistance to change.
  • Expanding API Attack Surface: With more third-party integrations, every new API becomes another potential entry point.
  • Reduced Data Visibility: As data volume and velocity increase, maintaining real-time visibility into its movement and usage becomes more difficult.

3. Cultural and Operational Friction

Challenges:

  • Speed vs. Security: The pressure to release features quickly often clashes with the need for thorough, deliberate security checks.
  • Talent Shortages: It’s increasingly difficult to find and keep skilled security professionals in a competitive market.
  • Complex Incident Response: As systems and customer bases grow, responding effectively to security incidents requires a scalable strategy.

Difficulties:

  • Executive Scrutiny Post-Incident: A breach in the financial sector can bring not just reputational damage but intense stakeholder pressure.
  • Loss of Customer Trust: Customers hold financial services to high security standards, and rightfully so. One incident can undermine years of trust.
  • Third-Party Risk Management: As reliance on external vendors increases, so does the need to ensure their security standards meet your own.

Scaling securely is hard—but it's possible with clear-eyed planning, the right partnerships, and a commitment to building a security-first culture. These are the considerations I use to guide my approach, and hopefully they offer a helpful lens wherever you are in your own growth journey.”

Mateusz Ostaszewski

I bring peace and clarity to your Projects | Program, Project and Event Manager | ex-Atlassian | MSP Certified | Business trainer of public speaking and soft skills | Master of Ceremonies

4mo

I worked as a Program Manager in security-related programs for a couple of years, and one thing I cannot agree with more: you should have your focus on security from as early as possible, and you should NEVER favour speed over security. I've dealt with security debt and believe me, it's no fun. And even if it may appear more costly, especially nowadays security should be one of the pillars of the definition of done. One thing I really miss from the article is consideration of the relation between security and performance. My experience is that sometimes it's hard to meet requirements in both of these areas at the same time, especially in codebases with a big legacy.
