Safety Third: Why Security Shouldn't Be Your Top Priority

Safety Third: Why Security Shouldn't Be Your Top Priority

From The New CISO by Steve Moore

January 8, 2026 · 1h 7m · Season 1 · Episode 139

About this episode

In this episode, Steve Moore interviews Alex Rice about the 'safety third' philosophy in cybersecurity and its implications for leadership.

In this episode of The New CISO , host Steve Moore speaks with Alex Rice, Founder, CTO, and CISO at HackerOne, about challenging one of cybersecurity's most deeply held beliefs—that security should be the top priority. Drawing from his journey building security programs at Facebook and founding HackerOne, Alex introduces the "safety third" philosophy and explains why accepting that security is never first can actually make you more effective as a leader. Alex shares his unconventional path into cybersecurity, starting as a 14-year-old programmer in rural Florida and eventually leading product security at Facebook during its explosive growth. He reveals how Facebook ran 70+ penetration tests annually with top-tier vendors and still wasn't finding enough vulnerabilities—until they opened the doors to the hacker community and received over 300 valid findings in a single weekend. This experience became the foundation for HackerOne's bug bounty platform. The conversation tackles critical leadership challenges facing modern CISOs, including the toxic tendency toward victim blaming when breaches occur, why security teams struggle with customer-centric design, and how to avoid becoming…

People in this episode

Host: Steve Moore

Guest: Alex Rice

Topics covered

  • cybersecurity
  • leadership
  • bug bounty
  • penetration testing
  • usability
  • AI

Keywords

  • safety third
  • cybersecurity leadership
  • HackerOne
  • penetration tests
  • bug bounty
  • usability
  • AI

Mentioned in this episode

Organizations: HackerOne, Facebook

More episodes of The New CISO

Explore listener stats, chart rankings, contacts and more on the The New CISO podcast page.