Elliot Colquhoun, VP of Information Security + IT at Airwallex, has developed a cutting-edge AI-driven security program, protecting 1,800 employees with just 9 engineers. He discusses the revolutionary approach of using AI to contextualize security alerts, mimicking top engineer decision-making. Elliot shares his journey from Palantir to fintech, emphasizing a focus on hiring engineers with entrepreneurial skills rather than traditional backgrounds. He also explores navigating global regulatory compliance while maintaining security integrity, highlighting the future of adaptive security solutions.
ANECDOTE
Elliot's Palantir Experience
Palantir empowered Elliot to tackle critical real-world problems across industries.
He experienced firsthand how technology can help solve complex situations like crime investigations.
INSIGHT
Tailoring Global Security Programs
Tailored regional understanding is key for successful global security programs.
Different communication platforms and cultures require customized security approaches.
ADVICE
Prioritize Security By User Risk
Prioritize security controls based on user behavior and software usage by region.
Use data-driven risk assessment to target the most impactful security measures.
Elliot Colquhoun, VP of Information Security + IT at Airwallex, has built what might be the most AI-native security program in fintech, protecting 1,800 employees with just 9 security engineers by building systems that think like the best security engineers. His approach to contextualizing every security alert with institutional knowledge offers a blueprint for how security teams can scale exponentially without proportional headcount growth.
Elliot tells Jack about his unconventional path from Palantir's deployed engineer program to leading security at a Series F fintech, emphasizing how his software engineering background enabled him to apply product thinking to security challenges. His insights into global security operations highlight the complexity of protecting financial infrastructure across different regulatory environments, communication platforms, and cultural contexts while maintaining unified security standards.
Topics discussed:
The strategic approach to building security teams with 0.5% employee ratios through AI automation and hiring engineers with entrepreneurial backgrounds rather than traditional security-only experience.
How to architect internal AI platforms that contextualize security alerts by analyzing historical incidents, documentation, and company-specific knowledge to replicate senior engineer decision-making at scale.
The methodology for navigating global regulatory compliance across different jurisdictions while maintaining development velocity and avoiding the trap of building security programs that slow down business operations.
Regional security strategy development that accounts for different communication platform preferences, cultural attitudes toward privacy, and varying attack vectors across global markets.
The framework for continuous detection refinement using AI to analyze false positive rates, true positive trends, and automatically iterate on detection strategies to improve accuracy over time.
Implementation strategies for mixing and matching frontier AI models based on specific use cases, from using Claude for analysis to O1 for initial assessments and Gemini for deeper investigation.
"Big bet" security investments where teams dedicate 30% of their time to experimental projects that could revolutionize security operations if successful.
How to structure data and human-generated content to support future AI use cases, including training security engineers to document their reasoning for model improvement.
The transition from traditional security tooling to agent-based systems that can control multiple security tools while maintaining business-specific context and institutional knowledge.
The challenge of preserving institutional knowledge as AI systems replace human processes, including considerations for direct AI-to-regulator communication and maintaining human oversight in critical decisions.