At Black Hat USA 2025, Cycode hosted its first-ever Product Security All-Stars Celebration Breakfast, bringing together leaders from across industries for a candid conversation about what it really takes to scale product security in today’s environment.
The panel included a diverse set of voices — Brad Tenenholtz (Product Security Officer, BD), Julie Davila (VP of Product Security, GitLab), Nikola Dalcekovic (Product Security Officer, Schneider Electric), and Terry O’Daniel (CISO, Amplitude) — each offering a unique lens on how their organizations think about risk, engineering alignment, and the impact of AI.
Here’s a recap of four big questions from the discussion, along with key takeaways and practical insights.
Q: What’s the biggest misconception you hear about product security and how do you push back on it?
One of the most persistent misconceptions — unanimously rejected by the panel — is that product security is a blocker: something that slows teams down or adds friction late in the development cycle. All four All-Stars emphasized that this view is not only outdated, but actively harmful to how teams think about building secure software.
That’s because product security works best when it’s embedded within engineering workflows and treated as a quality enabler, not just a defensive layer. When security is positioned as part of building better software (not just safer software) it becomes easier for teams to rally around it.
Julie Davila, VP of Product Security at GitLab, reinforced this idea by framing product security as an extension of engineering quality work. Connecting it to broader goals like reliability and performance helps security shift from being “the team that says no” to a strategic partner in product delivery.
Q: With AI reshaping how software products are built and secured, how are you evolving your product security strategy?
AI’s impact on software development is already enormous, not just in what gets built, but how it gets built. Panelists discussed both sides of the equation: securing AI systems, and using AI to improve security.
Brad Tenenholtz, Product Security Officer at BD, highlighted a key shift in velocity. Where a traditional developer might commit 10–100 lines of code a day, AI assistants like Claude can generate thousands in an hour. That volume increases the surface area for potential risk and puts more pressure on teams to have strong patterns and controls already in place. AI hasn’t introduced new problems, he noted, but it’s accelerated the need to solve existing ones.
But, as Terry O’Daniel, CISO at Amplitude, pointed out, AI can also help teams prioritize. In a world flooded with noisy alerts and fragmented data, AI can help cut through the noise, especially when used to triage issues on both the proactive (left) and reactive (right) sides of security. That said, he offered a critical reminder: machines can’t be held solely accountable. Even as AI systems take on more autonomous or “agentic” roles, the burden of judgment and responsibility still rests with humans.
Q: Which position is best poised to become the CISOs of tomorrow: Product Security or Application Security?
While the panel included a mix of perspectives, there was strong alignment around the core skill set needed for tomorrow’s CISOs. The discussion moved beyond titles to focus on the capabilities that matter most: influencing without authority, establishing guardrails rather than gates, and translating business risks into technical controls. These traits, which align closely with the product security mindset, were seen as increasingly essential for modern security leadership.
Why This Conversation Matters
The panel offered a powerful reminder that product security is evolving, fast. It’s no longer a bolt-on function or a specialized niche. It’s becoming a critical part of how teams build, ship, and maintain trustworthy software.
Whether it’s reframing security as an enabler, rethinking measurement, or navigating the rise of AI, these leaders are laying the groundwork for what product security looks like at scale.
To see more insights and explore the leaders shaping the future of the field, check out 15+ interviews with other All-Stars here and stay tuned for our 2026 cohort coming soon.
