Enterprise Security Weekly (Audio)

Dave Lewis talks M&A due diligence, TBD topic, the weekly news - Dave Lewis - ESW #422

19 snips
Sep 1, 2025
Dave Lewis, Global Advisory CISO for 1Password, dives into the crucial role of cybersecurity in mergers and acquisitions. He highlights common pitfalls and emphasizes the need for thorough security assessments to safeguard organizational value. The conversation also touches on the importance of transparency in breach disclosures, arguing that shared insights could enhance industry learning. Additionally, Lewis discusses the challenges of integrating security measures during organizational shifts and the evolving threats posed by AI in the cyber landscape.
Ask episode
AI Snips
Chapters
Books
Transcript
Episode notes
ADVICE

Involve Security From Day One In M&A

  • Include security teams early in M&A due diligence rather than as an afterthought.
  • Verify technical claims with scans and evidence instead of relying solely on questionnaires.
ANECDOTE

Paid Vacation Instead Of Due Diligence

  • Dave Lewis described an acquisition review that amounted to a paid vacation with no work product.
  • That lax due diligence risked inheriting serious security and operational liabilities.
ANECDOTE

Walk Away From Unfixable Targets

  • Dave Lewis recalled walking away from a potential acquisition because remediation costs outweighed value.
  • Saying no to bad deals prevents inheriting overwhelming tech and security debt.
Get the Snipd Podcast app to discover more snips from this episode
Get the app