EPISODE · Jan 6, 2026 · 50 MIN
Why Most Security Advice Fails and What Actually Reduces Risk | Bob Lord
from The TPRM Podcast
In this episode of the TPRM Podcast, Threats, Pitfalls & Risk Myths, host Nate Lee sits down with Bob Lord, one of the most influential voices in modern cybersecurity. Bob has led security programs at Twitter, Red Hat, Yahoo, Rapid7, and the Democratic National Committee, and later helped shape the Secure by Design initiative for the U.S. government during his time at CISA. Today, he works with policymakers and industry leaders through the Institute for Security and Technology. In this conversation, Bob introduces the concept of Hack Lore, the outdated and misleading security advice that sounds smart but distracts teams from what actually reduces risk. Together, they explore why blaming users does not work, why piling on more rules often backfires, and how security teams should think differently about incentives, priorities, and system design. They discuss: • Why most security advice fails in real-world environments • How Hack Lore creates noise instead of reducing risk • Why vendors should own security outcomes, not end users • What Secure by Design really means in practice • How incentives shape software quality and security failures • Where AI helps and where it distracts in modern security programs This episode is packed with insight for CISOs, AppSec leaders, cloud security teams, security engineers, founders, and anyone responsible for building resilient, engineering-aligned security programs. Listen and Subscribe Spotify → https://open.spotify.com/show/7JvPsyMJPgVLOKuJhkKfxA?si=cea858d3f1e04114 Apple Podcasts → https://podcasts.apple.com/us/podcast/the-tprm-podcast/id1848217699 YouTube → https://www.youtube.com/@TPRMPodcast About the Guest Bob Lord is a veteran cybersecurity leader who has held senior roles across the private sector, government, and nonprofit organizations. His work spans enterprise security, national security, policy, and software risk, with a focus on shifting accountability upstream and improving security outcomes through better system design. About the Host Nate Lee is a B2B Scaleup CISO and Founder of Cloudsec.ai, helping SaaS companies build business-aligned security programs that increase developer velocity, strengthen trust, and support sustainable growth. About the Show The TPRM Podcast explores real-world conversations with security leaders who are reshaping how we think about risk, exposing the threats, pitfalls, and myths behind today’s cybersecurity challenges. Connect with Us Nate’s LinkedIn → /natetrustmind TPRM Podcast LinkedIn → /tprm-podcast Website → https://tprmpodcast.com Instagram → @TPRMPodcast TikTok → @tprmpodcast
NOW PLAYING
Why Most Security Advice Fails and What Actually Reduces Risk | Bob Lord
No transcript for this episode yet
Similar Episodes
Mar 26, 2026 ·1m
Mar 19, 2026 ·34m
Feb 18, 2026 ·11m
Feb 11, 2026 ·45m