GitLab’s CISO Josh Lemos on the pros and cons of making security practices public

In this episode:

[02:05] His early career path from mechanic to electrical engineer to security leader

[03:35] Josh’s philosophy on hiring and mentoring, plus his tips for creating networking opportunities

[05:30] How he applies technical foundations from his practitioner days to his work as CISO

[07:40] Building product security at ServiceNow from the ground up

[10:40] “Down and in” versus “up and out” - adopting a new leadership style as CISO at Square

[12:17] Josh’s experience as an early AI and security researcher at Cylance

[16:15] What’s surprised Josh most about the evolution of AI

[18:50] Why Josh calls today’s models “AI version 1.0” - and what he thinks it will take to upgrade to version 2.0

[22:45] The LLM security threats Josh is most worried about, as a board member with Hidden Layer

[26:30] “Expressing exponential value” - what excited Josh most about becoming CISO at GitLab

[27:45] Why GitLab prioritizes “intentional transparency”

[32:45] How GitLab automates and orchestrates its Tier 1 and Tier 2 security processes

[34:10] How GitLab’s security team uses GitLab internally

[37:35] The secret to recruiting, hiring, and managing a remote, global team

[39:45] The importance of in-person collaboration for building trust and connection

[41:45] Downsizing, bootstrapping, and problem-solving: Josh’s predictions for the future of SecOps

[46:10] Connect with Josh