Most security teams still treat patching as the front line of defense.
But what happens when attackers move faster than your remediation cycle, vulnerabilities are discovered at machine speed, and security teams are still optimizing around outdated assumptions?
In this episode of the TPRM Podcast, Threats, Pitfalls & Risk Myths, Nate Lee sits down with Jerry Perullo, former CISO of Intercontinental Exchange, where he spent more than two decades securing critical infrastructure including the New York Stock Exchange. Jerry is now Founder & CTO of Adversarial, Professor at Georgia Tech, and co-host of The Adversarial Podcast.
The conversation explores why many security programs are still solving the wrong problems. Jerry breaks down the difference between threats and risks, why organizations often confuse activity with progress, and how security leaders should think more intentionally about tradeoffs, governance, and real business impact.
Nate and Jerry unpack why vulnerability management has become overly narrow, why patching alone cannot be the strategy, and what organizations should be doing instead to reduce real exposure.
They also discuss board communication, security decision-making, vendor-driven fear, and how security teams can avoid reacting to every headline while staying grounded in what actually matters.
Jerry shares practical lessons from securing some of the world’s most critical financial infrastructure, including how mature organizations think about prioritization, resilience, and continuous improvement when the stakes are exceptionally high.
This episode is essential listening for CISOs, security leaders, risk practitioners, and security teams trying to build programs grounded in reality instead of noise.
Listen and Subscribe
Spotify - https://open.spotify.com/show/7JvPsyMJPgVLOKuJhkKfxA?si=1c7d77143ad7424a
Apple Podcasts - https://podcasts.apple.com/us/podcast/the-tprm-podcast/id1848217699
YouTube - https://youtube.com/@TPRMPodcast
Episode Sponsor
This episode features a message from TrustMind, a security questionnaire automation platform designed to help teams respond more quickly and consistently to vendor security reviews.
TrustMind uses AI to automatically complete security questionnaires using your existing documentation, policies, and prior responses so security teams can spend less time copying and pasting and more time securing their platforms.
Learn more at https://trustmind.com
About the Guest
Jerry Perullo is the Founder & CTO of Adversarial, a former CISO of Intercontinental Exchange, and a Professor at Georgia Tech.
Over a 20+ year career leading security for critical financial infrastructure, including the New York Stock Exchange, Jerry developed practical approaches to cyber risk management, governance, and adversarial resilience.
He is also co-host of The Adversarial Podcast, where he explores modern cybersecurity strategy with fellow former CISOs and security leaders.
About the Host
Nate Lee is a B2B Scaleup CISO and Founder of Cloudsec.ai and TrustMind. He works with SaaS companies to build business-aligned security programs that increase developer velocity, strengthen customer trust, and support rapid growth.
About the Show
The TPRM Podcast features real-world conversations with security leaders who are reshaping how we think about cybersecurity and risk.
Each episode explores the threats, pitfalls, and risk myths behind modern security programs and what it actually takes to protect organizations operating at scale.