PODCAST · technology
The TPRM Podcast
by Nate Lee
Real conversations about security, risk, and the trade-offs behind modern business. Hosted by Nate Lee, CISO and founder of Cloudsec.ai.
-
14
The Bugpocalypse Is Here: AI, Security & the Future of Software
Most conversations about AI and cybersecurity focus on a simple question: Will AI help defenders, or will it help attackers? But that may be the wrong question entirely. In this episode of the TPRM Podcast, Threats, Pitfalls & Risk Myths, Nate Lee sits down with Trey Ford, Chief Strategy & Trust Officer at Bugcrowd, former General Manager of Black Hat, former CISO of Deepwatch, and former security leader at Salesforce and Heroku. The conversation explores what Trey calls the "Bugpocalypse" and why AI is fundamentally changing the economics of vulnerability discovery. As AI dramatically lowers the cost of finding security flaws, organizations are entering a world where vulnerabilities can be discovered faster than ever before. The challenge is no longer simply finding problems. The challenge is validating them, prioritizing them, and deciding what to do when security teams are suddenly faced with thousands of findings and limited resources. Nate and Trey discuss how bug bounty programs are evolving, why AI is accelerating both offensive and defensive security capabilities, and how organizations need to move beyond individual vulnerabilities and start thinking in systems. They explore the future of software security, AI-assisted development, vulnerability management, technical debt, and why many organizations may need to rethink long-held assumptions about patching, remediation, and risk management. The conversation also dives into AI governance, agentic systems, security operations, and the challenges security leaders face as every department begins adopting AI-powered tools faster than organizations can fully understand or govern them. Trey shares lessons from decades of experience across consulting, vulnerability research, security leadership, and some of the industry's most influential organizations, offering practical insights into how security teams can adapt to a rapidly changing landscape. This episode is essential listening for CISOs, security leaders, developers, risk practitioners, and anyone trying to understand how AI is reshaping cybersecurity. Listen and Subscribe Spotify - https://open.spotify.com/show/7JvPsyMJPgVLOKuJhkKfxA?si=1c7d77143ad7424a Apple Podcasts - https://podcasts.apple.com/us/podcast/the-tprm-podcast/id1848217699 YouTube - https://youtube.com/@TPRMPodcast Episode Sponsor This episode features a message from TrustMind, a security questionnaire automation platform designed to help teams respond more quickly and consistently to vendor security reviews. TrustMind uses AI to automatically complete security questionnaires using your existing documentation, policies, and prior responses so security teams can spend less time copying and pasting and more time securing their platforms. Learn more at https://trustmind.com About the Guest Trey Ford is Chief Strategy & Trust Officer at Bugcrowd. Previously, Trey served as General Manager of Black Hat, Chief Information Security Officer at Deepwatch, and held security leadership roles at Salesforce and Heroku. He began his career as a security consultant and PCI assessor and has spent decades helping organizations understand and manage cyber risk. His work spans vulnerability research, security operations, product security, bug bounty programs, governance, and cybersecurity strategy. About the Host Nate Lee is a B2B Scaleup CISO and Founder of Cloudsec.ai and TrustMind. He works with SaaS companies to build business-aligned security programs that increase developer velocity, strengthen customer trust, and support rapid growth. About the Show The TPRM Podcast features real-world conversations with security leaders who are reshaping how we think about cybersecurity and risk. Each episode explores the threats, pitfalls, and risk myths behind modern security programs and what it actually takes to protect organizations operating at scale.
-
13
Patching Is Not a Security Strategy | Jerry Perullo
Most security teams still treat patching as the front line of defense. But what happens when attackers move faster than your remediation cycle, vulnerabilities are discovered at machine speed, and security teams are still optimizing around outdated assumptions? In this episode of the TPRM Podcast, Threats, Pitfalls & Risk Myths, Nate Lee sits down with Jerry Perullo, former CISO of Intercontinental Exchange, where he spent more than two decades securing critical infrastructure, including the New York Stock Exchange. Jerry is now Founder & CTO of Adversarial, Professor at Georgia Tech, and co-host of The Adversarial Podcast. The conversation explores why many security programs are still solving the wrong problems. Jerry breaks down the difference between threats and risks, why organizations often confuse activity with progress, and how security leaders should think more intentionally about tradeoffs, governance, and real business impact. Nate and Jerry unpack why vulnerability management has become overly narrow, why patching alone cannot be the strategy, and what organizations should be doing instead to reduce real exposure. They also discuss board communication, security decision-making, vendor-driven fear, and how security teams can avoid reacting to every headline while staying grounded in what actually matters. Jerry shares practical lessons from securing some of the world’s most critical financial infrastructure, including how mature organizations think about prioritization, resilience, and continuous improvement when the stakes are exceptionally high. This episode is essential listening for CISOs, security leaders, risk practitioners, and security teams trying to build programs grounded in reality instead of noise. Listen and SubscribeSpotify - https://open.spotify.com/show/7JvPsyMJPgVLOKuJhkKfxA?si=1c7d77143ad7424aApple Podcasts - https://podcasts.apple.com/us/podcast/the-tprm-podcast/id1848217699YouTube - https://youtube.com/@TPRMPodcast Episode SponsorThis episode features a message from TrustMind, a security questionnaire automation platform designed to help teams respond more quickly and consistently to vendor security reviews. TrustMind uses AI to automatically complete security questionnaires using your existing documentation, policies, and prior responses so security teams can spend less time copying and pasting and more time securing their platforms. Learn more athttps://trustmind.com About the GuestJerry Perullo is the Founder & CTO of Adversarial, a former CISO of Intercontinental Exchange, and a Professor at Georgia Tech. Over a 20+ year career leading security for critical financial infrastructure, including the New York Stock Exchange, Jerry developed practical approaches to cyber risk management, governance, and adversarial resilience. He is also co-host of The Adversarial Podcast, where he explores modern cybersecurity strategy with fellow former CISOs and security leaders. About the HostNate Lee is a B2B Scaleup CISO and Founder of Cloudsec.ai and TrustMind. He works with SaaS companies to build business-aligned security programs that increase developer velocity, strengthen customer trust, and support rapid growth. About the ShowThe TPRM Podcast features real-world conversations with security leaders who are reshaping how we think about cybersecurity and risk. Each episode explores the threats, pitfalls, and risk myths behind modern security programs and what it actually takes to protect organizations operating at scale.
-
12
GRC Is Solving the Wrong Problem in an AI World | Ayoub Fandi
In this episode of the TPRM Podcast, Threats, Pitfalls & Risk Myths, Nate Lee sits down with Ayoub Fandi, GRC Engineering Lead at GitLab and creator of the GRC Engineer podcast and newsletter. As AI reshapes how security teams operate, many GRC programs are still built around audits, frameworks, and compliance driven workflows. Ayoub explains why this model is quickly losing relevance and why simply automating existing processes often leads to solving the wrong problems faster. The conversation explores how security teams need to rethink their operating models in an AI driven world. Nate and Ayoub discuss the shift from compliance driven programs to risk driven decision making, and why teams must move beyond audit cycles and start rebuilding workflows from first principles. They also examine how AI is changing the nature of work inside security, why compliance is becoming table stakes, and why risk management remains one of the most complex and human parts of security. This shift is forcing organizations to rethink how they approach workflows, decision making, and collaboration across teams. Beyond tooling, the discussion dives into systems thinking, stakeholder alignment, and how GRC teams can become more embedded within engineering, security, and the broader business. This episode is essential listening for CISOs, security leaders, engineers, and practitioners navigating AI driven change, modern security architecture, and the evolving role of security teams. Listen and SubscribeSpotify - https://open.spotify.com/show/7JvPsyMJPgVLOKuJhkKfxA?si=c862255fc2b84d12 Apple Podcasts - https://podcasts.apple.com/us/podcast/the-tprm-podcast/id1848217699 YouTube - https://youtube.com/@TPRMPodcast Episode SponsorThis episode features a message from TrustMind, a security questionnaire automation platform designed to help teams respond more quickly and consistently to vendor security reviews. TrustMind uses AI to automatically complete security questionnaires using your existing documentation, policies, and prior responses so security teams can spend less time copying and pasting and more time securing their platforms. Learn more at https://trustmind.com About the GuestAyoub Fandi is the GRC Engineering Lead at GitLab and creator of the GRC Engineer podcast and newsletter. He focuses on rethinking how governance, risk, and compliance evolve in an AI driven world. His work centers on applying systems thinking, automation, and engineering principles to modernize GRC programs and better align them with modern security practices. About the HostNate Lee is a B2B Scaleup CISO and Founder of Cloudsec.ai and TrustMind. He works with SaaS companies to build business aligned security programs that increase developer velocity, strengthen customer trust, and support rapid growth. About the ShowThe TPRM Podcast features real world conversations with security leaders who are reshaping how we think about cybersecurity and risk. Each episode explores the threats, pitfalls, and risk myths behind modern security programs and what it actually takes to protect organizations operating at scale.
-
11
AI Is Breaking Security as We Know It | Michael Coates
In this episode of the TPRM Podcast, Threats, Pitfalls & Risk Myths, Nate Lee sits down with Michael Coates, Founding Partner at Seven Hill Ventures and former CISO of Twitter, Mozilla, and CoinList. As AI continues to accelerate both attack speed and capability, the gap between attackers and defenders is rapidly shrinking. Michael explains how automated attacks are compressing response times to the point where human driven security models are no longer viable, and why organizations must begin removing humans from critical decision loops. The conversation explores how security teams need to rethink their operating models in an AI driven world. Nate and Michael discuss the future of the SOC, the rise of automation and agent driven workflows, and why many traditional security practices may soon become obsolete. They also examine how AI is lowering the barrier to entry for attackers, enabling capabilities that were once limited to nation state actors. This shift is forcing organizations to move faster, experiment more, and rethink how they balance risk, speed, and innovation. Beyond technology, the discussion dives into how roles inside security teams are evolving, what skills will matter most going forward, and why security leaders must shift from gatekeepers to enablers of business velocity. This episode is essential listening for CISOs, security leaders, and practitioners navigating AI driven threats, modern security architecture, and the rapidly changing role of cybersecurity. Listen and Subscribe Spotify - https://open.spotify.com/show/7JvPsyMJPgVLOKuJhkKfxA?si=c862255fc2b84d12 Apple Podcasts - https://podcasts.apple.com/us/podcast/the-tprm-podcast/id1848217699 YouTube - https://youtube.com/@TPRMPodcast Episode Sponsor This episode features a message from TrustMind, a security questionnaire automation platform designed to help teams respond more quickly and consistently to vendor security reviews. TrustMind uses AI to automatically complete security questionnaires using your existing documentation, policies, and prior responses so security teams can spend less time copying and pasting and more time securing their platforms. Learn more at https://trustmind.com About the Guest Michael Coates is the Founding Partner at Seven Hill Ventures and former CISO of Twitter, Mozilla, and CoinList. He has spent his career building and scaling security programs at some of the most influential technology companies while also advising and investing in the next generation of cybersecurity startups. Michael brings a unique perspective across operator, founder, and investor roles, with deep expertise in modern security architecture, risk, and the evolving impact of AI on cybersecurity. About the Host Nate Lee is a B2B Scaleup CISO and Founder of Cloudsec.ai and TrustMind. He works with SaaS companies to build business aligned security programs that increase developer velocity, strengthen customer trust, and support rapid growth. About the Show The TPRM Podcast features real world conversations with security leaders who are reshaping how we think about cybersecurity and risk. Each episode explores the threats, pitfalls, and risk myths behind modern security programs and what it actually takes to protect organizations operating at scale.
-
10
How AI Is Reshaping Cyber Attacks and Defense | Conor Sherman
In this episode of the TPRM Podcast, Threats, Pitfalls & Risk Myths, Nate Lee sits down with Conor Sherman, CISO in Residence at Sysdig and host of the Zero Signal Podcast. As AI rapidly reshapes the cybersecurity landscape, both attackers and defenders are beginning to automate their operations in ways that were not possible just a few years ago. Conor explains how threat actors are already using AI driven techniques to accelerate attacks and why traditional security operating models are starting to struggle to keep up. The conversation explores how defenders should rethink security strategy in a world where attacks can move from discovery to exploitation in minutes. Nate and Conor discuss autonomous defense, the limits of human driven response models, and why security teams must begin designing systems that can react at machine speed. They also examine the role of the modern CISO, the importance of resilience over perfection, and how security leaders can help their organizations adopt AI safely while still moving fast enough to stay competitive. This episode is essential listening for CISOs, security leaders, and practitioners navigating AI driven threats, modern cloud security, and the evolving role of security leadership. Listen and Subscribe Spotifyhttps://open.spotify.com/show/7JvPsyMJPgVLOKuJhkKfxA?si=1c7d77143ad7424a Apple Podcastshttps://podcasts.apple.com/us/podcast/the-tprm-podcast/id1848217699 YouTubehttps://youtube.com/@TPRMPodcast Episode Sponsor This episode features a message from TrustMind, a security questionnaire automation platform designed to help teams respond more quickly and consistently to vendor security reviews. TrustMind uses AI to automatically complete security questionnaires using your existing documentation, policies, and prior responses so security teams can spend less time copying and pasting and more time securing their platforms. Learn more athttps://trustmind.com About the Guest Conor Sherman is the CISO in Residence at Sysdig and the host of the Zero Signal Podcast. In his role he works closely with security leaders and organizations navigating modern cloud threats and the rapidly evolving AI powered threat landscape. Conor advises companies on building resilient security programs, adapting defenses to emerging attack techniques, and helping security teams operate effectively as both attackers and defenders begin using AI driven tools. About the Host Nate Lee is a B2B Scaleup CISO and Founder of Cloudsec.ai and TrustMind. He works with SaaS companies to build business aligned security programs that increase developer velocity, strengthen customer trust, and support rapid growth. About the Show The TPRM Podcast features real world conversations with security leaders who are reshaping how we think about cybersecurity and risk. Each episode explores the threats, pitfalls, and risk myths behind modern security programs and what it actually takes to protect organizations operating at scale.
-
9
The Real Risk of AI: Moving Too Fast or Too Slow? | Jacob DePriest, CISO 1Password
In this episode of the TPRM Podcast, Threats, Pitfalls & Risk Myths, Nate Lee sits down with Jacob DePriest, Chief Information Security Officer at 1Password. As AI adoption accelerates across enterprises, security leaders are facing a new tension. Move too fast, and you increase exposure. Move too slow and teams find their own tools, bypassing controls entirely. Jacob shares how security teams should think about enabling innovation without sacrificing visibility. The conversation explores agent security, auditability challenges, identity and authorization concerns, and why traditional controls like least privilege still matter in an AI-driven world. They also discuss the operational reality of agents acting on behalf of users, how security teams can maintain traceability, and why the business risk of under-adoption may be just as serious as the technical risk of over-adoption. This episode is essential listening for CISOs, security leaders, and practitioners navigating AI adoption, enterprise risk, and modern identity security. Listen and SubscribeSpotify → https://open.spotify.com/show/7JvPsyMJPgVLOKuJhkKfxA?si=ef91ded2b8ac4eefApple Podcasts → https://podcasts.apple.com/us/podcast/the-tprm-podcast/id1848217699YouTube → https://www.youtube.com/@TPRMPodcast Episode SponsorThis episode features a message from TrustMind, a security questionnaire automation platform designed to help teams respond more quickly and consistently to vendor security reviews.Learn more at → https://trustmind.com About the GuestJacob DePriest is the Chief Information Security Officer at 1Password. He leads security strategy and operations, focusing on balancing innovation, usability, and strong enterprise-grade controls in a rapidly evolving AI landscape. About the HostNate Lee is a B2B Scaleup CISO and Founder of Cloudsec.ai & TrustMind, helping SaaS companies build business-aligned security programs that increase developer velocity, strengthen trust, and support rapid growth. About the ShowThe TPRM Podcast features real-world conversations with security leaders reshaping how we think about risk, uncovering the threats, pitfalls, and myths behind modern cybersecurity programs.
-
8
Agentic GRC, SOC 2, and Why Data Beats Compliance with Jake Bernardes
In this episode of the TPRM Podcast, Threats, Pitfalls & Risk Myths, Nate Lee talks with Jake Bernardes, Chief Information Security Officer at Anecdotes and former CISO at Whistic, known for his candid, data-first approach to GRC and third-party risk. Jake brings deep experience across GRC, TPRM, and security leadership, and is an outspoken voice on why traditional compliance frameworks like SOC 2 have become procurement shortcuts rather than meaningful security signals. He shares a pragmatic view on what is broken in modern GRC and what it will take to fix it. They explore what agentic GRC actually means beyond the marketing hype, why data quality and completeness are foundational for AI-driven security workflows, and how treating GRC as an engineering problem can fundamentally change how risk is assessed. The conversation also covers trust centers, machine-readable evidence, the future of audits and certifications, and how real security data could replace checkbox-based assessments. Jake also shares direct career advice for security and GRC professionals, including why networking matters more than certifications, what it really means to be an effective CISO, and why security leaders should be driving business outcomes rather than positioning themselves as cost centers. This episode is packed with insight for CISOs, security leaders, GRC and TPRM practitioners, and anyone thinking seriously about the future of compliance, trust, and risk. Listen and Subscribe- Spotify → https://open.spotify.com/show/7JvPsyMJPgVLOKuJhkKfxA?si=bf17a655fc0049f9 - Apple Podcasts → https://podcasts.apple.com/us/podcast/the-tprm-podcast/id1848217699- YouTube → @TPRMPodcast About the GuestJake Bernardes is the Chief Information Security Officer at Anecdotes and former CISO at Whistic. He has extensive experience leading GRC, TPRM, and security programs and is a strong advocate for transparency, data-driven risk assessment, and treating GRC as an engineering discipline. About the HostNate Lee is a B2B Scaleup CISO and Founder of Cloudsec.ai, helping SaaS companies build business-aligned security programs that increase developer velocity, strengthen trust, and support rapid growth. About the ShowThe TPRM Podcast explores real-world conversations with security leaders reshaping how we think about risk, uncovering the threats, pitfalls, and myths behind today’s cybersecurity challenges. Nate’s LinkedIn → /natetrustmindTPRM Podcast LinkedIn → /tprm-podcastWebsite → https://tprmpodcast.comInstagram → @TPRMPodcastTikTok → @tprmpodcast
-
7
Security Without Waste: Rethinking Budgets, Tools, and Risk with Ross Young
In this episode of the TPRM Podcast — Threats, Pitfalls & Risk Myths — Nate Lee talks with Ross Young, a former CISO and longtime security leader known for his pragmatic, outcome-driven approach to cybersecurity. Ross brings experience from the intelligence community, including over a decade in government service, as well as senior security leadership roles at Capital One and Caterpillar Financial. He’s also the co-host of the CISO Tradecraft podcast and the author of Cybersecurity’s Dirty Secret: Why Most Budgets Go to Waste. They explore why so much security spending fails to meaningfully reduce risk, why legacy assumptions continue to shape modern programs, and how CISOs can rethink budgeting, tooling, and prioritization. The conversation covers zero-based budgeting, tool sprawl and rationalization, third-party risk incentives, and how AI is rapidly changing both attack velocity and defensive strategy. Ross shares practical frameworks for aligning spend with real threats, improving patching speed, and making smarter tradeoffs; without simply asking for more budget. This episode is packed with insight for CISOs, security leaders, risk executives, and anyone responsible for building security programs that actually work. Listen and SubscribeSpotify → https://open.spotify.com/show/7JvPsyMJPgVLOKuJhkKfxA?si=bf17a655fc0049f9Apple Podcasts → https://podcasts.apple.com/us/podcast/the-tprm-podcast/id1848217699YouTube → @TPRMPodcast About the GuestRoss Young is a former CISO with leadership experience at Capital One and Caterpillar Financial, following more than a decade in the intelligence community. He is the co-host of the CISO Tradecraft podcast and the author of Cybersecurity’s Dirty Secret: Why Most Budgets Go to Waste, where he focuses on helping security leaders spend smarter and reduce real-world risk. About the HostNate Lee is a B2B Scaleup CISO and Founder of Cloudsec.ai, helping SaaS companies build business-aligned security programs that increase developer velocity, strengthen trust, and support rapid growth. About the ShowThe TPRM Podcast explores real-world conversations with security leaders reshaping how we think about risk — uncovering the threats, pitfalls, and myths behind today’s cybersecurity challenges. All right. OkayNate’s LinkedIn → /natetrustmindTPRM Podcast LinkedIn → /tprm-podcastWebsite → tprmpodcast.comInstagram → @TPRMPodcastTikTok → @tprmpodcast
-
6
Why Most Security Advice Fails and What Actually Reduces Risk | Bob Lord
In this episode of the TPRM Podcast, Threats, Pitfalls & Risk Myths, host Nate Lee sits down with Bob Lord, one of the most influential voices in modern cybersecurity. Bob has led security programs at Twitter, Red Hat, Yahoo, Rapid7, and the Democratic National Committee, and later helped shape the Secure by Design initiative for the U.S. government during his time at CISA. Today, he works with policymakers and industry leaders through the Institute for Security and Technology. In this conversation, Bob introduces the concept of Hack Lore, the outdated and misleading security advice that sounds smart but distracts teams from what actually reduces risk. Together, they explore why blaming users does not work, why piling on more rules often backfires, and how security teams should think differently about incentives, priorities, and system design. They discuss: • Why most security advice fails in real-world environments • How Hack Lore creates noise instead of reducing risk • Why vendors should own security outcomes, not end users • What Secure by Design really means in practice • How incentives shape software quality and security failures • Where AI helps and where it distracts in modern security programs This episode is packed with insight for CISOs, AppSec leaders, cloud security teams, security engineers, founders, and anyone responsible for building resilient, engineering-aligned security programs. Listen and Subscribe Spotify → https://open.spotify.com/show/7JvPsyMJPgVLOKuJhkKfxA?si=cea858d3f1e04114 Apple Podcasts → https://podcasts.apple.com/us/podcast/the-tprm-podcast/id1848217699 YouTube → https://www.youtube.com/@TPRMPodcast About the Guest Bob Lord is a veteran cybersecurity leader who has held senior roles across the private sector, government, and nonprofit organizations. His work spans enterprise security, national security, policy, and software risk, with a focus on shifting accountability upstream and improving security outcomes through better system design. About the Host Nate Lee is a B2B Scaleup CISO and Founder of Cloudsec.ai, helping SaaS companies build business-aligned security programs that increase developer velocity, strengthen trust, and support sustainable growth. About the Show The TPRM Podcast explores real-world conversations with security leaders who are reshaping how we think about risk, exposing the threats, pitfalls, and myths behind today’s cybersecurity challenges. Connect with Us Nate’s LinkedIn → /natetrustmind TPRM Podcast LinkedIn → /tprm-podcast Website → https://tprmpodcast.com Instagram → @TPRMPodcast TikTok → @tprmpodcast
-
5
Security at AI Speed: Supply Chain Risk, Big Data & the Questionnaire Myth with Mike Johnson
In this episode of the TPRM Podcast — Threats, Pitfalls & Risk Myths — host Nate Lee sits down with Mike Johnson, who led security as CISO at Lyft, Fastly, and now, Rivian, to explore what modern security really looks like at AI speed. Mike has had a front-row seat to the evolution of security — from the early days of SaaS and hyperscale cloud platforms to today’s world of AI-driven attacks, software supply chain risk, and software-defined vehicles. He brings a pragmatic, experience-backed perspective on what actually works when security has to scale fast. They discuss: • Why security questionnaires fail — and what reflects real risk instead • How AI is accelerating both attacks and detection • The growing threat of software supply chain vulnerabilities • Why security teams must treat telemetry as a big-data problem • Lessons from securing SaaS, consumer-scale systems, and global infrastructure • What “minimum viable security” really means for vendors • The rise of automated exploitation and AI-driven attack chaining • How defenders can finally gain leverage through context • Why inventory and hygiene remain foundational controls • What modern resilience looks like when third-party failures are inevitable This episode delivers high-signal insight for CISOs, security leaders, founders, AppSec engineers, cloud security teams, and anyone building modern, engineering-aligned security programs. Listen and Subscribe - Spotify → https://open.spotify.com/show/7JvPsyMJPgVLOKuJhkKfxA - Apple Podcasts → https://podcasts.apple.com/us/podcast/the-tprm-podcast-threats-pitfalls-and-risk-myths/id1848217699 - YouTube → @TPRMPodcast About the Host Nate Lee is a B2B Scaleup CISO and Founder of Cloudsec.ai, helping SaaS companies build business-aligned security programs that increase developer velocity and strengthen trust. About the Show The TPRM Podcast explores real-world conversations with security leaders reshaping how we think about risk — uncovering the threats, pitfalls, and myths behind today’s cybersecurity challenges. Connect with Us Nate’s LinkedIn → https://www.linkedin.com/in/natetrustmind/ TPRM Podcast LinkedIn → https://www.linkedin.com/company/tprm-podcast/ Website → tprmpodcast.com Instagram → @TPRMPodcast TikTok → @tprmpodcast Cybersecurity, CISO, CloudSecurity, AIinSecurity, SupplyChainSecurity, VendorRisk, SecurityLeadership, DetectionEngineering, BigDataSecurity, SoftwareSupplyChain, AppSec, DevSecOps, RiskManagement, TPRMPodcast, SecurityArchitecture, StartupSecurity, NateLee, MikeJohnson
-
4
Paved Roads & Guardrails: AI, Identity, and the Future of Security with Jason Chan
In this episode of the TPRM Podcast — Threats, Pitfalls & Risk Myths — host Nate Lee sits down with Jason Chan, former VP of Information Security at Netflix, to explore how engineering-led security, paved roads, and guardrails—not gates—reshaped modern cloud security. Jason spent nearly a decade building one of the most influential security programs in tech. His work on paved roads, automation, least privilege, and engineering-aligned controls helped define how today’s high-velocity organizations approach risk, resilience, and scale. They discuss: • What the paved road was originally intended to be — and how it’s widely misunderstood Why guardrails outperform gates in fast-moving engineering environments The real reason vulnerability management is stuck, and how to fix it How AI will enable security teams to scale sub-linearly — and the new risks it introduces Build vs. buy in 2025 and where security teams should invest Why vendor questionnaires rarely predict actual risk Identity as the new perimeter — including non-human identities and agents What resilience really means when third-party failures are inevitable This episode delivers high-signal insight for CISOs, security leaders, founders, AppSec engineers, and anyone designing or evaluating modern security programs built for speed, trust, and scale. Listen and Subscribe Spotify → https://open.spotify.com/show/7JvPsyMJPgVLOKuJhkKfxA Apple Podcasts → https://podcasts.apple.com/us/podcast/the-tprm-podcast-threats-pitfalls-and-risk-myths/id1848217699 YouTube → @TPRMPodcast About the Host Nate Lee is a B2B Scaleup CISO and Founder of Cloudsec.ai, helping SaaS companies build business-aligned security programs that increase developer velocity and strengthen trust. About the Show The TPRM Podcast explores real-world conversations with security leaders reshaping how we think about risk — uncovering the threats, pitfalls, and myths behind today’s cybersecurity challenges. Connect with Us Nate’s LinkedIn → https://www.linkedin.com/in/natetrustmind/ TPRM Podcast LinkedIn → https://www.linkedin.com/company/tprm-podcast/ Website → tprmpodcast.com Instagram → @TPRMPodcast TikTok → @tprmpodcast Tags: Cybersecurity, CISO, CloudSecurity, EngineeringSecurity, PavedRoad, GuardrailsNotGates, NetflixSecurity, AIinSecurity, IdentitySecurity, SublinearScaling, RiskManagement, TPRMPodcast, SecurityArchitecture, VendorRisk, DevSecOps, StartupSecurity, NateLee, JasonChan
-
3
The Runtime Era: AI Agents, Identity, and the Future of Cloud Security with Rinki Sethi
In this episode of the TPRM Podcast — Threats, Pitfalls & Risk Myths — host Nate Lee sits down with Rinki Sethi, Chief Security and Strategy Officer at Upwind Security, to explore how the runtime era is reshaping the future of cybersecurity. Rinki brings over two decades of experience including being CISO at companies such as Twitter, Rubrik and Bill.com, as well as her work as a board member at multiple companies and co-founder of Lockstep Ventures. Her perspective offers a rare view into where security is headed as data volume explodes and AI-driven systems gain real decision power. They discuss: Why runtime security is becoming essential for modern cloud environments The convergence of identity, privileged access, and agentic systems How data scale is transforming detection, response, and resilience What boards actually want from CISOs; and which metrics don’t matter The future of GRC, red teaming, and AI-assisted security teams What early-stage cyber innovation is signaling about the next decade This episode delivers high-signal insight for CISOs, security leaders, founders, and anyone building or evaluating modern security programs in an AI-driven world. Listen and Subscribe Spotify → https://open.spotify.com/show/7JvPsyMJPgVLOKuJhkKfxA?si=80c2ae161f034833 Apple Podcasts → https://podcasts.apple.com/us/podcast/the-tprm-podcast-threats-pitfalls-and-risk-myths/id1848217699 YouTube → @TPRMPodcast About the Host Nate Lee is a B2B Scaleup CISO and Founder of Cloudsec.ai, helping SaaS companies build business-aligned security programs that increase developer velocity and strengthen trust. About the Show The TPRM Podcast explores real-world conversations with security leaders reshaping how we think about risk — uncovering the threats, pitfalls, and myths behind today’s cybersecurity challenges. Connect with Us Nate’s LinkedIn → https://www.linkedin.com/in/natetrustmind/ TPRM Podcast LinkedIn → https://www.linkedin.com/company/tprm-podcast/ Website → tprmpodcast.com Instagram → @TPRMPodcast TikTok → @tprmpodcast Tags: Cybersecurity, CISO, RuntimeSecurity, CloudSecurity, IdentitySecurity, RiskManagement, TPRMPodcast, SecurityInnovation, RinkiSethi, UpwindSecurity, NateLee, CyberLeadership, AIinSecurity, StartupSecurity, BoardConversations, RedTeam, GRC
-
2
Aaron Stanley on Balancing Control, Velocity, and Trust in SaaS
In this episode of the TPRM Podcast — Threats, Pitfalls & Risk Myths — host Nate Lee talks with Aaron Stanley, VP of Security at dbt Labs and former Head of Cybersecurity at Twilio, about what it really takes to scale security without slowing down your teams or your business. Aaron shares his approach to building security programs that keep up with growth — balancing innovation, risk management, and developer velocity. Together, they unpack what “secure by design” actually means in a fast-moving SaaS environment. They discuss: - How to align security goals with business outcomes - The trade-offs between speed and control - How to reduce friction between security and engineering - Building trust through automation and shared ownership - What modern security leaders need to prioritize in 2025 This episode offers clear, real-world insight for CISOs, security leaders, and SaaS founders looking to turn security into a growth enabler instead of a blocker. Listen and Subscribe Spotify → https://open.spotify.com/show/7JvPsyMJPgVLOKuJhkKfxA?si=80c2ae161f034833 Apple Podcasts → https://podcasts.apple.com/us/podcast/the-tprm-podcast-threats-pitfalls-and-risk-myths/id1848217699 YouTube → @TPRMPodcast About the Host Nate Lee is a B2B Scaleup CISO and Founder of Cloudsec.ai, helping SaaS companies build business-aligned security programs that increase developer velocity and strengthen trust. About the Show The TPRM Podcast explores real-world conversations with security leaders reshaping how we think about risk — uncovering the threats, pitfalls, and myths behind today’s cybersecurity challenges. Connect with Us LinkedIn → https://www.linkedin.com/in/natetrustmind/ Website → tprmpodcast.com Instagram → @TPRMPodcast TikTok →@tprmpodcast #CyberSecurity #TPRMPodcast #AaronStanley #dbtLabs #NateLee #SecurityLeadership #RiskManagement #DeveloperVelocity #CISO #SaaS #SecurityCulture #Trust #StartupSecurity #BusinessSecurity #SecurityPodcast
-
1
Inviting the Hackers In: Turning External Risk into Business Resilience with Alex Rice
In this episode of the TPRM Podcast — Threats, Pitfalls & Risk Myths — host Nate Lee sits down with Alex Rice, Co-Founder and CTO of HackerOne and former Head of Product Security at Facebook, to talk about how transparency can transform the way organizations think about security and trust. Alex shares his journey building the world’s leading vulnerability disclosure platform and why openness, accountability, and community are the future of effective security. They explore: - Why transparency drives better security outcomes - Lessons learned from years of hacker–company collaboration - How to manage external risk responsibly - The evolution of bug bounty programs and vulnerability disclosure - What it takes to build trust across an entire ecosystem This episode is packed with real-world insights for CISOs, founders, and engineers looking to move from secrecy to shared accountability and make security a true business enabler. 🔗Listen and Subscribe • Spotify → https://open.spotify.com/show/7JvPsyMJPgVLOKuJhkKfxA • Apple Podcasts → https://podcasts.apple.com/us/podcast/the-tprm-podcast/id1848217699 • YouTube → https://www.youtube.com/@TPRMPodcast 👤 About the Host Nate Lee is a B2B Scaleup CISO and Founder of Cloudsec.ai, helping software-first companies build business-aligned security programs that increase dev velocity, shorten sales cycles, and strengthen trust. 🎧 About the Show The TPRM Podcast brings you conversations with security leaders rethinking risk — exploring the threats, pitfalls, and myths that define today’s cybersecurity landscape. 💬 Connect with Us LinkedIn → https://www.linkedin.com/in/natetrustmind/ Website → tprmpodcast.com Instagram → @tprmpodcast TikTok → @tprmpodcast #CyberSecurity #TPRMPodcast #AlexRice #HackerOne #NateLee #Transparency #Trust #CISO #SecurityLeadership #BugBounty #VulnerabilityDisclosure #SaaS #RiskManagement #SecurityCulture #CyberRisk #SecurityPodcast
-
0
Culture as a Control: Scaling Trust Without the Checkboxes with Andrew Becherer
In this episode of the TPRM Podcast — Threats, Pitfalls & Risk Myths — host Nate Lee sits down with Andrew Becherer, CISO at Sublime Security, former Datadog CISO and beard afficianado to unpack one of the industry’s biggest misconceptions: the belief that compliance equals security. Andrew shares candid lessons from years leading security programs at high-growth SaaS companies—how to cut through noise, align with business objectives, and build a culture of trust that actually works in practice. They discuss: - The real difference between security and compliance - How to communicate risk in language executives understand - Why culture is the strongest control in any organization - What shared responsibility means across security, engineering, and leadership - How to scale trust as your company grows This conversation will resonate with CISOs, security leaders, and founders who want to do more than check boxes — they want to lead programs that truly reduce risk. 🔗 Listen and Subscribe Spotify → https://open.spotify.com/show/7JvPsyMJPgVLOKuJhkKfxA Apple Podcasts → https://podcasts.apple.com/us/podcast/the-tprm-podcast/id1848217699 YouTube → @TPRMPodcast 👤 About the Host Nate Lee is a B2B Scaleup CISO and Founder of Cloudsec.ai, helping software-first companies build business-aligned security programs that increase dev velocity, shorten sales cycles, and strengthen trust. 🎧 About the Show The TPRM Podcast brings you conversations with security leaders rethinking risk — exploring the threats, pitfalls, and myths that define today’s cybersecurity landscape. 💬 Connect with Us LinkedIn → https://www.linkedin.com/in/natetrustmind/ Website → tprmpodcast.com Instagram → @tprmpodcast TikTok → @tprmpodcast #CyberSecurity #TPRMPodcast #AndrewBecherer #NateLee #CISO #Compliance #SecurityCulture #RiskManagement #SaaS #SecurityLeadership #Trust #VendorRisk #ContinuousSecurity #ThirdPartyRisk #CyberRisk #securitypodcast
-
-1
Automating Trust and Shortening Sales Cycles with Jadee Hanson
In this first episode of the TPRM Podcast — Threats, Pitfalls & Risk Myths — host Nate Lee sits down with Jadee Hanson, CISO at Vanta, to discuss how modern security teams can move beyond point-in-time audits and checkbox compliance. Together, they explore what it really takes to build continuous trust in today’s fast-moving SaaS world — where shared responsibility, vendor transparency, and scalable security programs are no longer optional. Jadee shares her perspective on: - The limits of traditional security questionnaires - Why continuous monitoring builds better partnerships - How security teams can reduce friction without losing control - Real-world buyer leverage when working with vendors - The future of automated trust and what buyers should expect next This conversation is packed with insights for CISOs, compliance leaders, security engineers, and founders who want to strengthen security while enabling business velocity. 🔗 Listen and Subscribe Spotify → https://open.spotify.com/show/7JvPsyMJPgVLOKuJhkKfxA?si=7obnT2cbQYOJl-mDFHCxJA Apple Podcasts → https://podcasts.apple.com/us/podcast/the-tprm-podcast/id1848217699 YouTube → @TPRMPodcast 👤 About the Host Nate Lee is a B2B Scaleup CISO and Founder of Cloudsec.ai, helping software-first companies build business-aligned security programs that increase dev velocity, shorten sales cycles, and strengthen trust. 🎧 About the Show The TPRM Podcast explores real-world stories from leaders shaping the future of security — uncovering the threats, pitfalls, and risk myths that define today’s cybersecurity landscape. 💬 Connect with Us LinkedIn → https://www.linkedin.com/in/natetrustmind/ Website → tprmpodcast.com Instagram → @tprmpodcast TikTok → @TPRMPodcast #CyberSecurity #TPRMPodcast #Vanta #JadeeHanson #NateLee #CISO #VendorRisk #ThirdPartyRisk #Compliance #Trust #SaaS #SecurityLeadership
We're indexing this podcast's transcripts for the first time — this can take a minute or two. We'll show results as soon as they're ready.
No matches for "" in this podcast's transcripts.
No topics indexed yet for this podcast.
Loading reviews...
ABOUT THIS SHOW
Real conversations about security, risk, and the trade-offs behind modern business. Hosted by Nate Lee, CISO and founder of Cloudsec.ai.
HOSTED BY
Nate Lee
CATEGORIES
Loading similar podcasts...