Patching Is Not a Security Strategy | Jerry Perullo episode artwork

EPISODE · May 26, 2026 · 53 MIN

Patching Is Not a Security Strategy | Jerry Perullo

from The TPRM Podcast

Most security teams still treat patching as the front line of defense. But what happens when attackers move faster than your remediation cycle, vulnerabilities are discovered at machine speed, and security teams are still optimizing around outdated assumptions? In this episode of the TPRM Podcast, Threats, Pitfalls & Risk Myths, Nate Lee sits down with Jerry Perullo, former CISO of Intercontinental Exchange, where he spent more than two decades securing critical infrastructure, including the New York Stock Exchange. Jerry is now Founder & CTO of Adversarial, Professor at Georgia Tech, and co-host of The Adversarial Podcast. The conversation explores why many security programs are still solving the wrong problems. Jerry breaks down the difference between threats and risks, why organizations often confuse activity with progress, and how security leaders should think more intentionally about tradeoffs, governance, and real business impact. Nate and Jerry unpack why vulnerability management has become overly narrow, why patching alone cannot be the strategy, and what organizations should be doing instead to reduce real exposure. They also discuss board communication, security decision-making, vendor-driven fear, and how security teams can avoid reacting to every headline while staying grounded in what actually matters. Jerry shares practical lessons from securing some of the world’s most critical financial infrastructure, including how mature organizations think about prioritization, resilience, and continuous improvement when the stakes are exceptionally high. This episode is essential listening for CISOs, security leaders, risk practitioners, and security teams trying to build programs grounded in reality instead of noise. Listen and SubscribeSpotify - https://open.spotify.com/show/7JvPsyMJPgVLOKuJhkKfxA?si=1c7d77143ad7424aApple Podcasts - https://podcasts.apple.com/us/podcast/the-tprm-podcast/id1848217699YouTube - https://youtube.com/@TPRMPodcast Episode SponsorThis episode features a message from TrustMind, a security questionnaire automation platform designed to help teams respond more quickly and consistently to vendor security reviews. TrustMind uses AI to automatically complete security questionnaires using your existing documentation, policies, and prior responses so security teams can spend less time copying and pasting and more time securing their platforms. Learn more athttps://trustmind.com About the GuestJerry Perullo is the Founder & CTO of Adversarial, a former CISO of Intercontinental Exchange, and a Professor at Georgia Tech. Over a 20+ year career leading security for critical financial infrastructure, including the New York Stock Exchange, Jerry developed practical approaches to cyber risk management, governance, and adversarial resilience. He is also co-host of The Adversarial Podcast, where he explores modern cybersecurity strategy with fellow former CISOs and security leaders. About the HostNate Lee is a B2B Scaleup CISO and Founder of Cloudsec.ai and TrustMind. He works with SaaS companies to build business-aligned security programs that increase developer velocity, strengthen customer trust, and support rapid growth. About the ShowThe TPRM Podcast features real-world conversations with security leaders who are reshaping how we think about cybersecurity and risk. Each episode explores the threats, pitfalls, and risk myths behind modern security programs and what it actually takes to protect organizations operating at scale.

NOW PLAYING

Patching Is Not a Security Strategy | Jerry Perullo

0:00 53:17

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of The TPRM Podcast?

This episode is 53 minutes long.

When was this The TPRM Podcast episode published?

This episode was published on May 26, 2026.

What is this episode about?

Most security teams still treat patching as the front line of defense. But what happens when attackers move faster than your remediation cycle, vulnerabilities are discovered at machine speed, and security teams are still optimizing around outdated...

Can I download this The TPRM Podcast episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!