Why More Security Tools = Less Security with Jonathan Poon, Head of Threat & Vulnerability Management at Zoom

Balancing Security with Speed with Ralph Pyne, CISO, Apollo.io

In this episode of Patch Me If You Can™, Ralph Pyne, CISO at Apollo.io, reveals why traditional security approaches are failing in the age of AI and citizen developers. Ralph shares hard-won insights from building zero-to-one security programs at high-growth startups, including why the principle of least privilege access is fundamentally broken and how AI is making most security controls obsolete. Ralph discusses topics such as the explosive growth of citizen developers using AI coding tools and the security challenges this creates when thousands of single-use apps can emerge across an organization in months, as well as his contrarian view that security teams need to assume failure and move toward statistical models similar to fraud prevention, rather than trying to achieve perfect access controls. The conversation covers practical strategies in areas such as building security programs that accelerate rather than slow down business growth, and making security training and policies more human-centered and consumable.

Why More Security Tools = Less Security with Jonathan Poon, Head of Threat & Vulnerability Management at Zoom

In this episode of Patch Me If You Can™, Jonathan Poon, Head of Threat & Vulnerability Management at Zoom, reveals why adding more security tools often creates more problems than it solves. Jonathan also shares practical strategies for: conducting data audits across your security stack, building a "data oversight committee" to eliminate redundancies, and developing the empathy skills needed to translate technical risks into business language that actually drives action.

RBAC is Broken (Here's Why) with Dmitri Altum, GitLab, ex-Ramp

In this episode of Patch Me If You Can™, Arek Dreyer sits down with Dmitri Altum, Staff Security Engineer at GitLab, who breaks down why Role Based Access Control (RBAC) is failing modern businesses. Dmitri shares his experience building dynamic identity systems that analyze user behavior rather than relying on static job titles, especially as AI blurs traditional role boundaries. He also demonstrates how his team achieved 93% automated approval rates with just 3 second response times, proving that security and speed don't have to pull in opposite directions.

Standard Users in an Admin World with Collin Elliott, Capital One

In this episode of Patch Me If You Can™, Arek Dreyer sits down with Collin Elliott, Senior Platform Engineer at Capital One, to unpack the challenges of balancing strong security with a smooth user experience in endpoint management. They explore topics such as the shift to least privilege, the tools and strategies that help, and why leadership buy-in and thoughtful automations are keys to success.

Why 99% Hit Defer Every Time with Robert Hammen, SAP, ex-SpaceX

In this episode of Patch Me If You Can™, Arek Dreyer sits down with Robert Hammen, Principal Mac Consultant at SAP and former IT Systems Engineer at SpaceX, to dig into various topics, including the world of enterprise patch management. They dig into the complexities and opportunities of patch management at scale. The big question: Why does patching still feel so painful, and what strategies actually drive better compliance and security without alienating end users?