
Ep. 8 — Security by Design with Bob Lord (Former CSO: Yahoo, DNC, CISA)

Bob Lord joins the TPRM Podcast to explain why much of today’s security advice fails, how Hack Lore distracts teams from what actually reduces risk, and why vendors, not users, need to own security outcomes.

Show Notes

In this episode of the TPRM Podcast, Nate Lee sits down with Bob Lord, one of the most respected voices in modern cybersecurity.

Bob has led security programs at Yahoo, Twitter, Red Hat, Rapid7, and the Democratic National Committee, and later helped shape the Secure by Design initiative for the U.S. government at CISA. He currently works with policymakers and industry leaders through the Institute for Security and Technology.

The conversation centers on Bob’s work around Hack Lore, the collection of outdated or misleading security advice that sounds helpful but ultimately pulls attention away from the basics that actually reduce risk. Together, Nate and Bob explore why blaming users is the wrong model, how incentives shape insecure systems, and what it really means to build security that works at scale.

What we cover

This episode is a practical, systems-level discussion for CISOs, AppSec leaders, cloud security teams, security engineers, founders, and anyone responsible for building resilient, engineering-aligned security programs.


Listen to the episode

Spotify → https://open.spotify.com/show/7JvPsyMJPgVLOKuJhkKfxA
Apple Podcasts → https://podcasts.apple.com/us/podcast/the-tprm-podcast/id1848217699
YouTube → https://youtube.com/@TPRMPodcast


About the Guest

Bob Lord is a veteran cybersecurity leader whose experience spans the private sector, government, and nonprofit organizations. He has held senior security roles at Yahoo, Twitter, Red Hat, Rapid7, and the Democratic National Committee, and previously served at CISA advancing Secure by Design principles. His work focuses on shifting accountability upstream and improving security outcomes through better system design.


About the Host

Nate Lee is a B2B Scaleup CISO and Founder of Cloudsec.ai, helping SaaS companies build business-aligned security programs that increase developer velocity, strengthen trust, and support sustainable growth.


About the Show

The TPRM Podcast features real-world conversations with security leaders reshaping how we think about risk, exposing the threats, pitfalls, and myths behind today’s cybersecurity challenges.