Show Notes / Recap
Guest: Andrew Becherer — Sublime Security CISO, Former CISO @ Datadog and Iterable
Host: Nate Lee — CISO and Founder, Cloudsec.ai
Topic: Why security can’t be reduced to compliance and how to build programs that truly scale
Episode Overview
In this episode of the TPRM Podcast — Threats, Pitfalls & Risk Myths, Nate and Andrew dig into one of the industry’s biggest misconceptions: that compliance equals security.
Andrew shares lessons learned from years of leading security programs at high-growth SaaS companies, including how to align security with business goals, communicate risk effectively, and create a culture of shared responsibility that drives lasting results.
They explore what it takes to move past checkbox compliance, measure what actually matters, and build trust that scales with the organization.
Key Takeaways
- Compliance ≠ security — focus on outcomes, not paperwork.
- Security must enable the business, not slow it down.
- A strong security culture starts with shared responsibility.
- Communication and context are the foundation of real risk management.
- Pragmatic leaders balance velocity and control to achieve meaningful impact.
Watch on YouTube
Watch as Andrew Becherer joins host Nate Lee to discuss how to bridge the gap between compliance frameworks and real-world security, and what modern teams can do to build trust that lasts.