

Dave Lewis talks M&A due diligence, TBD topic, the weekly news - Dave Lewis - ESW #422
19 snips Sep 1, 2025
Dave Lewis, Global Advisory CISO for 1Password, dives into the crucial role of cybersecurity in mergers and acquisitions. He highlights common pitfalls and emphasizes the need for thorough security assessments to safeguard organizational value. The conversation also touches on the importance of transparency in breach disclosures, arguing that shared insights could enhance industry learning. Additionally, Lewis discusses the challenges of integrating security measures during organizational shifts and the evolving threats posed by AI in the cyber landscape.
AI Snips
Chapters
Books
Transcript
Episode notes
Involve Security From Day One In M&A
- Include security teams early in M&A due diligence rather than as an afterthought.
- Verify technical claims with scans and evidence instead of relying solely on questionnaires.
Paid Vacation Instead Of Due Diligence
- Dave Lewis described an acquisition review that amounted to a paid vacation with no work product.
- That lax due diligence risked inheriting serious security and operational liabilities.
Walk Away From Unfixable Targets
- Dave Lewis recalled walking away from a potential acquisition because remediation costs outweighed value.
- Saying no to bad deals prevents inheriting overwhelming tech and security debt.