The Detection at Scale Podcast is dedicated to helping security practitioners and their teams succeed at managing and responding to threats at a modern, cloud scale. Every episode is focused on actionable takeaways to help you get ahead of the curve and prepare for the trends and technologies shaping the future.
Episodes
4 days ago
4 days ago
In this episode of Detection at Scale, Jack speaks with Jacob DePriest, VP of Security/CISO at 1Password, who shares insights from his 15-year journey from the NSA to leading security at GitHub through his current role. Jacob discusses his framework for assessing security programs with fresh eyes, emphasizing business objectives first, then addressing risks, and finally implementing the right security measures.
He also explores how generative AI can enhance security operations while maintaining that human expertise remains essential for understanding threat intent. As 1Password transforms from a password manager to a multi-product security platform, Jacob outlines his approach to scaling security through engineering partnerships and automation, while offering practical leadership advice on building relationships, maintaining work-life balance, and aligning security initiatives with business goals.
Topics discussed:
- Transitioning from engineering to security leadership and how that technical background provides empathy when implementing security controls.
- Approaching security program assessment by first understanding business objectives, then identifying risks, and finally implementing appropriate measures.
- Exploring 1Password's evolution from a password management product to a multi-product security company with extended access management.
- Balancing generative AI's capabilities with human expertise in security operations, recognizing AI's limitations in understanding intent.
- Leveraging AI to enhance incident response through automated summaries and context gathering to speed up triage processes.
- Implementing AI applications in GRC functions like vendor reviews and third-party questionnaires to increase efficiency and reduce tedium.
- Building sustainable security operations by ensuring security tools have proper access to data through education and partnership.
- Addressing the varying security postures across the vendor landscape through a risk-based approach focusing on access and visibility.
- Scaling security teams by clearly connecting their work to business objectives and ensuring team members understand why their tasks matter.
- Three pillars of security leadership: building a trusted network, establishing sustainable work-life balance, and connecting security to business goals.
Listen to more episodes:
Comments (0)
To leave or reply to comments, please download free Podbean or
No Comments
To leave or reply to comments,
please download free Podbean App.