
Livestream at RSAC 2024 with Nate Lee, CISO & Principal at

At Bishop Fox's second-annual livestream from the 2024 RSA Conference in San Francisco, we interviewed special guest Nate Lee, CISO at With over 20 years in cybersecurity, Nate shares insights on building trust, gaining buy-in, and effectively communicating security initiatives.

Abbreviated Transcript

Matt Twells: Hi, welcome back. I'm Matthew Twells, senior solutions architect at Bishop Fox. We're moving on to a new topic about the power of persuasion in a security program. We've got Nate Lee here. He's the CISO of and also a former CISO at TradeShift, where you secured over a trillion dollars in trade. How are you finding San Francisco and tell us a bit about yourself?

Nate Lee: Sure. I'm no longer at TradeShift. I switched to doing fractional work and now consult as a CISO. I'm enjoying RSA and catching up with folks. The hot topic this year seems to be vulnerabilities.

Matt Twells: Yeah, AI is always a big topic here. We were discussing the importance of people skills and trust in security programs. How do you see that in your role as a CISO?

Nate Lee: Trust is crucial. People need to trust you to share problems and involve you early in projects. Without trust, they won't tell you about issues until they become major problems.

Matt Twells: Security work often involves doing things people know they should but don't want to. Do you have tips for gaining buy-in and trust?

Nate Lee: It's about creating an easy path for them and influencing them to drive positive outcomes. It's helpful to convey ideas clearly and connect with people so they understand the importance of what you're asking them to do.

Matt Twells: In the military, we always said to make friends with the chef and the clerk. In a company, who would you say are the key people to build trust with first?

Nate Lee: It's everyone, really. You need to understand different parts of the organization and their problems. Talking to sales, marketing, HR, and finance, not just engineering, helps build connections and trust.

Matt Twells: Let's talk about likability as a tool. How do you balance being likable with staying effective?

Nate Lee: It's about connecting with people genuinely and being helpful. If your team only shows up when there's a problem, it creates negative associations. By being present and helpful regularly, you build positive relationships.

Matt Twells: My background is in audit, and I found that just reassuring people we're not the cops made a huge difference. How do you make your message clear and impactful?

Nate Lee: Focus on the two or three most important things. Help people understand why something is important so they can make informed decisions. Too much information can overwhelm them.

Matt Twells: Social proof is another psychological principle. How can it be applied in cybersecurity?

Nate Lee: Using security champions within teams to model good behavior is effective. People tend to follow what they see others doing. Providing awareness training with real-life examples from their peers can also make a big impact.

Matt Twells: Reciprocity is also powerful. How do you use it in your role?

Nate Lee: Helping others genuinely can trigger a sense of obligation. When you do something nice for someone, they're more likely to help you in return. It's a deep-seated human response.

Matt Twells: Thank you, Nate. This has been a fantastic conversation. I hope you enjoy the rest of your week here in San Francisco.

Nate Lee: Thank you. I appreciate your time.

About the author, Matt Twells

Senior Solutions Architect

Matthew Twells is a Senior Solutions Architect at Bishop Fox focused on technical scoping of client engagements, training and development, and sales enablement. He graduated from the University of Reading in Reading, England with a B.A. (Hons) in Economics, and has spent time working in the British Army as a Secure Communications Engineer, working with the National Health Service as part of the Cyber Defense Operations Center (CDOC) team during the COVID-19 pandemic and subsequently in a variety of cybersecurity consulting, technical project management, internal audit, and penetration testing roles over the last 7 years.
