In this episode of the TPRM Podcast — Threats, Pitfalls & Risk Myths — host Nate Lee sits down with Mike Johnson, who led security as CISO at Lyft, Fastly, and now, Rivian, to explore what modern security really looks like at AI speed.

Mike has had a front-row seat to the evolution of security — from the early days of SaaS and hyperscale cloud platforms to today’s world of AI-driven attacks, software supply chain risk, and software-defined vehicles. He brings a pragmatic, experience-backed perspective on what actually works when security has to scale fast.

They discuss:
• Why security questionnaires fail — and what reflects real risk instead
• How AI is accelerating both attacks and detection
• The growing threat of software supply chain vulnerabilities
• Why security teams must treat telemetry as a big-data problem
• Lessons from securing SaaS, consumer-scale systems, and global infrastructure
• What “minimum viable security” really means for vendors
• The rise of automated exploitation and AI-driven attack chaining
• How defenders can finally gain leverage through context
• Why inventory and hygiene remain foundational controls
• What modern resilience looks like when third-party failures are inevitable

This episode delivers high-signal insight for CISOs, security leaders, founders, AppSec engineers, cloud security teams, and anyone building modern, engineering-aligned security programs.

Listen and Subscribe
- Spotify → https://open.spotify.com/show/7JvPsyMJPgVLOKuJhkKfxA
- Apple Podcasts → https://podcasts.apple.com/us/podcast/the-tprm-podcast-threats-pitfalls-and-risk-myths/id1848217699
- YouTube → @TPRMPodcast

About the Host
Nate Lee is a B2B Scaleup CISO and Founder of Cloudsec.ai, helping SaaS companies build business-aligned security programs that increase developer velocity and strengthen trust.

About the Show
The TPRM Podcast explores real-world conversations with security leaders reshaping how we think about risk — uncovering the threats, pitfalls, and myths behind today’s cybersecurity challenges.

Connect with Us
Nate’s LinkedIn → https://www.linkedin.com/in/natetrustmind/
TPRM Podcast LinkedIn → https://www.linkedin.com/company/tprm-podcast/
Website → tprmpodcast.com
Instagram → @TPRMPodcast
TikTok → @tprmpodcast

Cybersecurity, CISO, CloudSecurity, AIinSecurity, SupplyChainSecurity, VendorRisk, SecurityLeadership, DetectionEngineering, BigDataSecurity, SoftwareSupplyChain, AppSec, DevSecOps, RiskManagement, TPRMPodcast, SecurityArchitecture, StartupSecurity, NateLee, MikeJohnson