
Safety Third: Why Security Shouldn't Be Your Top Priority
From The New CISO by Steve Moore
January 8, 2026 · 1h 7m · Season 1 · Episode 139
About this episode
In this episode, Steve Moore interviews Alex Rice about the 'safety third' philosophy in cybersecurity and its implications for leadership.
In this episode of The New CISO , host Steve Moore speaks with Alex Rice, Founder, CTO, and CISO at HackerOne, about challenging one of cybersecurity's most deeply held beliefs—that security should be the top priority. Drawing from his journey building security programs at Facebook and founding HackerOne, Alex introduces the "safety third" philosophy and explains why accepting that security is never first can actually make you more effective as a leader. Alex shares his unconventional path into cybersecurity, starting as a 14-year-old programmer in rural Florida and eventually leading product security at Facebook during its explosive growth. He reveals how Facebook ran 70+ penetration tests annually with top-tier vendors and still wasn't finding enough vulnerabilities—until they opened the doors to the hacker community and received over 300 valid findings in a single weekend. This experience became the foundation for HackerOne's bug bounty platform. The conversation tackles critical leadership challenges facing modern CISOs, including the toxic tendency toward victim blaming when breaches occur, why security teams struggle with customer-centric design, and how to avoid becoming…
People in this episode
Host: Steve Moore
Guest: Alex Rice
Topics covered
- cybersecurity
- leadership
- bug bounty
- penetration testing
- usability
- AI
Keywords
- safety third
- cybersecurity leadership
- HackerOne
- penetration tests
- bug bounty
- usability
- AI
Mentioned in this episode
Organizations: HackerOne, Facebook
More episodes of The New CISO
- Rogue Agents: The New Era of AI Insider Threats (part 2) · June 4, 2026 · 43 min
- Lessons From a Spy Hunter: The Real Cost of a Breach (Part 1) · May 14, 2026 · 35 min
- Your Most Valuable Skills Aren’t Technical · April 23, 2026 · 53 min
- From Chef to CISO: Unlocking the Recipe to Security Leadership · April 2, 2026 · 45 min
- Architect and Firefighter: How a Modern CISO Leads in Crisis · March 12, 2026 · 49 min
- Six Steps for Better Communication as a CISO · February 19, 2026 · 49 min
Explore listener stats, chart rankings, contacts and more on the The New CISO podcast page.