The Future of Security Operations GitLab’s CISO Josh Lemos on the pros and cons of making security practices public
In this week’s episode of The Future of Security Operations podcast, Thomas is joined by Josh Lemos, CISO at GitLab.
Throughout his 15-year career in security, Josh has led teams at ServiceNow, Cylance, and Square. Known for his expertise in AI-driven security strategies, Josh is also a board member with HiddenLayer. He drives innovation at GitLab with a relentless focus on offensive security, identity management, and automation.
In this episode:
[02:05] His early career path from mechanic to electrical engineer to security leader
[03:35] Josh’s philosophy on hiring and mentoring, plus his tips for creating networking opportunities
[05:30] How he applies technical foundations from his practitioner days to his work as CISO
[07:40] Building product security at ServiceNow from the ground up
[10:40] “Down and in” versus “up and out” - adopting a new leadership style as CISO at Square
[12:17] Josh’s experience as an early AI and security researcher at Cylance
[16:15] What’s surprised Josh most about the evolution of AI
[18:50] Why Josh calls today’s models “AI version 1.0” - and what he thinks it will take to upgrade to version 2.0
[22:45] The LLM security threats Josh is most worried about, as a board member with Hidden Layer
[26:30] “Expressing exponential value” - what excited Josh most about becoming CISO at GitLab
[27:45] Why GitLab prioritizes “intentional transparency”
[32:45] How GitLab automates and orchestrates its Tier 1 and Tier 2 security processes
[34:10] How GitLab’s security team uses GitLab internally
[37:35] The secret to recruiting, hiring, and managing a remote, global team
[39:45] The importance of in-person collaboration for building trust and connection
[41:45] Downsizing, bootstrapping, and problem-solving: Josh’s predictions for the future of SecOps
[46:10] Connect with Josh
Where to find Josh:
Where to find Thomas Kinsella:
Resources mentioned: