Building a Risk Based Security Program That Actually Works – Nick Leghorn – ESW #250

Risk based security programs are all the rage, from managers looking to “trim” the security budget to regulatory bodies looking for excuses to fine your company. Nick is a security pro who has seen it all — programs done well, programs done poorly, and implemented one or two of them himself, and would love to share the lessons learned from those experiences. Visit for all the latest episodes!

Full Episode Show Notes

Building a Risk Based Security Program That Actually Works


Nick Leghorn

Nick Leghorn – Director of Application Security at The New York Times


Nick Leghorn is the Director of Application Security at the New York Times. After graduating from Penn State University with a degree in Security and Risk Analysis, his first job was working for the U.S. Department of Homeland Security quantifying terrorism risks and identifying mitigations to provide the best risk reduction for each dollar spent.

Nick has spent his career working for a number of large companies, including Rackspace Hosting, Shoretel, Mitel, and Indeed, improving the security of both the infrastructure itself as well as the processes within the company.


Adrian Sanabria

Adrian Sanabria – Senior Research Engineer at CyberRisk Alliance


Adrian is an outspoken researcher that doesn’t shy away from uncomfortable truths. He loves to write about the security industry, tell stories, and still sees the glass as half full.

Katie Teitler

Katie Teitler – Sr. Product Marketing Manager at Axonius


Katie Teitler is a cybersecurity content creator. In her current role with Axonius, she is part of the product marketing team, helping audiences understand the value proposition of cyber asset management as it pertains to risk reduction. In past roles, Katie was an industry analyst, research director, content marketer, and freelance author, and managed content and speakers for InfoSec World, now a flagship offering of the Cyber Risk Alliance.

Tyler Shields

Tyler Shields – CMO at JupiterOne


Tyler advises, guides, and operates high tech startups primarily in the B2B security space. He is a former market analyst, engineer, product manager, marketing leader, and partnership manager. In other words, Tyler builds and grows businesses – in all aspects. He’s a board advisor, angel investor, and board member at multiple firms and an investment advisor for a venture debt business. He loves to play guitar and poker in his free time.