Jason Chan, former VP of Information Security at Netflix and a pioneer of engineering-first cloud security architecture, joins host Nate Lee to explore how to build security programs that actually scale with growth — not slow it down. Known for defining the “paved road” and “guardrails not gates” approach, Jason brings decades of real-world experience, from building one of Netflix’s most respected security orgs to advising fast-growing SaaS companies on resilience, identity, and risk strategy.
Show Notes / Recap
In this episode of The TPRM Podcast — Threats, Pitfalls & Risk Myths — Nate and Jason dive into:
- What “paved road” was originally intended to be — and how it’s frequently misinterpreted
- Why guardrails outperform gates in fast-moving engineering environments
- The real problem with modern vulnerability management — and how to fix it
- How AI is reshaping what “scaling security” actually means
- Choosing build vs. buy in 2025 — where to invest now
- Why vendor questionnaires rarely reflect real risk
- Identity as the new security perimeter — including non-human identities
- What resilient architecture really looks like — and how to survive third-party risk events
- What security leaders should prioritize over the next 3–5 years