The Future of Security Operations - Brex's CISO Mark Hillick on avoiding tool bloat and learning from high-severity incidents

04/22/25 • 42 min

The Future of Security Operations

In this week’s episode of The Future of Security Operations podcast, Thomas is joined by Mark Hillick, CISO at Brex. Mark’s experience in the security industry spans more than two decades. He started out as a security engineer at Allied Irish Banks before advancing through companies like MongoDB to become Director and Head of Security at Riot Games. His book, The Security Path, features over 70 interviews with security professionals on their career journeys.

In this episode:

[02:06] His early career journey - from a mathematics background to building early online banking systems
[03:32] What’s kept Mark excited about security for over two decades
[04:40] The compound benefits of growing within a company over time
[07:20] Mark’s leadership style - defined by transparency, directness, and genuine care for his teammates
[12:45] Communicating the business trade-off between risk and return
[16:45] Reflecting on the team’s response to major incidents at Riot Games
[21:00] The unique challenges of securing gaming platforms
[26:30] How Mark approaches strategy and planning in the fintech space
[28:08] The case for building strong, partnership-driven vendor relationships
[31:13] Creating space for creativity - without spreading the team too thin
[34:35] Empowering his team to speak openly - even if it means calling him out
[36:35] The inspiration behind Mark’s books Digital Safety for Parents and The Security Path
[40:20] Connect with Mark

Where to find Mark:

Where to find Thomas Kinsella:

Resources mentioned:

Previous Episode

Ofgem’s Mollie Chard on driving resilience through diverse hiring practices

In this week’s episode of The Future of Security Operations podcast, Thomas is joined by Mollie Chard. Mollie’s career spans 10+ years in technical SOC and leadership roles at organizations like the UK’s Met Office, Capgemini, and OVO. She’s recently accepted a new role as Head of Cyber Guidance & Monitoring at Ofgem, the UK’s Office of Gas and Electricity Markets. A passionate advocate for diversity, she’s also the Chief Advisor for Women in Cybersecurity UK and Ireland.

In this episode:

[02:00] Mollie’s journey from arts graduate to security leader

[04:00] Her previous role developing emerging security talent for CIS UK

[05:00] Tips and techniques for hiring diverse talent

[11:20] The problem with management being the default career path

[15:25] The biggest tech mistake that budget-strapped companies make

[19:23] Solving unique systems and operational technology challenges in the energy sector

[21:30] The ethical considerations and impact of AI for security and other industries

[27:30] Making space in boardroom discussions for diversity and how it can enhance resilience

[32:00] How to stay aligned when working with a remote or dispersed team

[35:00] What Mollie thinks cybersecurity will look like in five years

[37:00] AI as a threat to human cognitive abilities within and beyond security

[42:40] Connect with Mollie

The Future of Security Operations is brought to you by Tines, the orchestration, automation, and AI platform that powers some of the world’s most important workflows.

Where to find Mollie:

Where to find Thomas Kinsella:

Resources mentioned:

Next Episode

GitLab’s CISO Josh Lemos on the pros and cons of making security practices public

In this week’s episode of The Future of Security Operations podcast, Thomas is joined by Josh Lemos, CISO at GitLab.

Throughout his 15-year career in security, Josh has led teams at ServiceNow, Cylance, and Square. Known for his expertise in AI-driven security strategies, Josh is also a board member with HiddenLayer. He drives innovation at GitLab with a relentless focus on offensive security, identity management, and automation.

In this episode:

[02:05] His early career path from mechanic to electrical engineer to security leader

[03:35] Josh’s philosophy on hiring and mentoring, plus his tips for creating networking opportunities

[05:30] How he applies technical foundations from his practitioner days to his work as CISO

[07:40] Building product security at ServiceNow from the ground up

[10:40] “Down and in” versus “up and out” - adopting a new leadership style as CISO at Square

[12:17] Josh’s experience as an early AI and security researcher at Cylance

[16:15] What’s surprised Josh most about the evolution of AI

[18:50] Why Josh calls today’s models “AI version 1.0” - and what he thinks it will take to upgrade to version 2.0

[22:45] The LLM security threats Josh is most worried about, as a board member with HiddenLayer

[26:30] “Expressing exponential value” - what excited Josh most about becoming CISO at GitLab

[27:45] Why GitLab prioritizes “intentional transparency”

[32:45] How GitLab automates and orchestrates its Tier 1 and Tier 2 security processes

[34:10] How GitLab’s security team uses GitLab internally

[37:35] The secret to recruiting, hiring, and managing a remote, global team

[39:45] The importance of in-person collaboration for building trust and connection

[41:45] Downsizing, bootstrapping, and problem-solving: Josh’s predictions for the future of SecOps

[46:10] Connect with Josh

Where to find Josh:

Where to find Thomas Kinsella:

Resources mentioned:
