1Password's Jacob DePriest on Balancing Human Intuition and AI in Cybersecurity

Apr 22, 2025

Ask episode

Chapters

Transcript

Episode notes

In this episode of Detection at Scale, Jack speaks with Jacob DePriest, VP of Security/CISO at 1Password, who shares insights from his 15-year journey from the NSA to leading security at GitHub through his current role. Jacob discusses his framework for assessing security programs with fresh eyes, emphasizing business objectives first, then addressing risks, and finally implementing the right security measures.

He also explores how generative AI can enhance security operations while maintaining that human expertise remains essential for understanding threat intent. As 1Password transforms from a password manager to a multi-product security platform, Jacob outlines his approach to scaling security through engineering partnerships and automation, while offering practical leadership advice on building relationships, maintaining work-life balance, and aligning security initiatives with business goals.

Topics discussed:

Transitioning from engineering to security leadership and how that technical background provides empathy when implementing security controls.
Approaching security program assessment by first understanding business objectives, then identifying risks, and finally implementing appropriate measures.
Exploring 1Password's evolution from a password management product to a multi-product security company with extended access management.
Balancing generative AI's capabilities with human expertise in security operations, recognizing AI's limitations in understanding intent.
Leveraging AI to enhance incident response through automated summaries and context gathering to speed up triage processes.
Implementing AI applications in GRC functions like vendor reviews and third-party questionnaires to increase efficiency and reduce tedium.
Building sustainable security operations by ensuring security tools have proper access to data through education and partnership.
Addressing the varying security postures across the vendor landscape through a risk-based approach focusing on access and visibility.
Scaling security teams by clearly connecting their work to business objectives and ensuring team members understand why their tasks matter.
Three pillars of security leadership: building a trusted network, establishing sustainable work-life balance, and connecting security to business goals.

Listen to more episodes: