Unicorn CISO

We talk with Patrick Blank about what it takes to secure a fast-growing B2B company whose product includes a privileged endpoint agent deployed at massive scale. We dig into why fundamentals beat hype, how productivity shortcuts quietly create the biggest risks, and how we frame security to customers and the board without losing speed. • Patrick’s career path from banking and consulting to CISO roles and security leadership at Google DeepMind • Why privileged endpoint agents raise reliability and trust stakes for enterprise customers • How identity and access management fits alongside endpoint security and defense in depth • Using compliance as a baseline trust signal while preparing for deeper customer audits • The hidden risk of productivity workarounds and the shift with agentic AI tools • Tool sprawl as a security problem and the value of secure-by-default standards • Emerging segments like IDE-integrated AI code security and the push to reduce alert noise • Practical ways to communicate cyber risk to a board focused on growth and resilience • Preparing for a faster external attack surface by tightening fundamentals like patching 

We talk with Nuno Teodoro about how a hands-on security leader builds real defenses inside a cloud-native bank while regulators, auditors, and the business all demand speed. We dig into what changes when a fintech becomes a bank, how to use compliance to fund security maturity, and why AI-driven fraud is raising the stakes.• career path from computer engineering to application security and penetration testing• shifting from consultancy to leading security inside companies across telecom, insurance, and fintech• difference between VP of Cybersecurity and CISO roles across the three lines of defense• selecting vendors through hands-on POVs and POCs instead of only RFPs• protecting customer funds as the core cybersecurity goal in regulated banking• balancing compliance work with risk-based security priorities• navigating major frameworks and regulations like PCI DSS, SWIFT, ISO 27001, ISO 22301, PSD2, and DORA• using regulatory requirements to justify investments and close real security gaps• scaling security culture in a cloud-based AWS bank while managing control expectations• friction points in secure software development life cycle and blocking risky pull requests• communicating cyber risk to the board through business impact and clear narratives• focusing on DORA implementation plus the rise of AI-enabled fraud and account takeover threats