1Password's Jacob DePriest on Balancing Human Intuition and AI in Cybersecurity

Apr 22, 2025

Jacob DePriest, VP of Security/CISO at 1Password, shares his expertise from the NSA and GitHub. He outlines a fresh framework for assessing security focused on business objectives first. Jacob highlights the importance of integrating generative AI with human intuition in cybersecurity, discussing AI's role in enhancing operations while recognizing its limits. He also details 1Password's transformation from a password manager to a comprehensive security platform and offers valuable leadership tips on building relationships and maintaining work-life balance.

Ask episode

AI Snips

Chapters

Books

Transcript

Episode notes

ANECDOTE

From Engineering To The NSA And CISO

Jacob DePriest started his career in engineering at the NSA and transitioned into security over 15 years.
He says that engineering experience gives him empathy for developers when implementing security controls.

INSIGHT

Scale Security Through Engineering Partnership

Jacob DePriest insists security programs must scale through engineering partnership and automation.
He leverages his developer background to minimize friction and align security with developer workflows.

INSIGHT

Business-First Security Assessment

Jacob DePriest assesses security by first understanding company objectives, then mapping risks to those goals.
He then defines programs, processes, and roles to mitigate the prioritized risks to business outcomes.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

In this episode of Detection at Scale, Jack speaks with Jacob DePriest, VP of Security/CISO at 1Password, who shares insights from his 15-year journey from the NSA to leading security at GitHub through his current role. Jacob discusses his framework for assessing security programs with fresh eyes, emphasizing business objectives first, then addressing risks, and finally implementing the right security measures.

He also explores how generative AI can enhance security operations while maintaining that human expertise remains essential for understanding threat intent. As 1Password transforms from a password manager to a multi-product security platform, Jacob outlines his approach to scaling security through engineering partnerships and automation, while offering practical leadership advice on building relationships, maintaining work-life balance, and aligning security initiatives with business goals.

Topics discussed:

Transitioning from engineering to security leadership and how that technical background provides empathy when implementing security controls.
Approaching security program assessment by first understanding business objectives, then identifying risks, and finally implementing appropriate measures.
Exploring 1Password's evolution from a password management product to a multi-product security company with extended access management.
Balancing generative AI's capabilities with human expertise in security operations, recognizing AI's limitations in understanding intent.
Leveraging AI to enhance incident response through automated summaries and context gathering to speed up triage processes.
Implementing AI applications in GRC functions like vendor reviews and third-party questionnaires to increase efficiency and reduce tedium.
Building sustainable security operations by ensuring security tools have proper access to data through education and partnership.
Addressing the varying security postures across the vendor landscape through a risk-based approach focusing on access and visibility.
Scaling security teams by clearly connecting their work to business objectives and ensuring team members understand why their tasks matter.
Three pillars of security leadership: building a trusted network, establishing sustainable work-life balance, and connecting security to business goals.

Listen to more episodes: