Security that slows people down is security that gets bypassed.

Birat Niraula leads security for Google Enterprise Network, where he oversees protection across on-premise, network infrastructure, enterprise, and cloud environments. In this episode of Threat Vector, host David Moulton explores a critical truth that most security leaders miss: the difference between friction that protects and friction that creates risk.

You'll learn:

- Why bad security UX isn't just annoying—it's a vulnerability that creates backdoors

- How to identify friction that protects (like MFA and jump hosts) versus friction that makes teams bypass controls

- Why DevOps teams inject backdoors into production when security slows them down too much

- How AI is becoming the new cloud rush—teams deploying models without understanding security risks

- The Chrome browser principle: best security is seamless security that users don't have to think about

- Why embedding security teams in design processes beats the "sledgehammer approach" of blanket policies

- How to use AI agents as security sidekicks to scale beyond what your team can manually review

Birat shares hard-won lessons from securing enterprises at massive scale—from building 24/7 SOCs to leading multi-cloud architecture at Goldman Sachs to now protecting Google's infrastructure. But this conversation isn't about his resume. It's about the fundamental tradeoffs security leaders face: velocity versus protection, automation versus human judgment, and when to embrace friction versus when friction becomes the enemy.

This episode is essential listening if you're: leading enterprise security programs, struggling with teams that route around your controls, managing DevOps or cloud security, implementing security that doesn't block business velocity, or trying to understand where AI security is heading.

Related Episodes:

- Securing the Modern Workforce

- Why Security Platformization Is the Future of Cyber Resilience

- Shifting Security Left

#Cloud #SecurityUX #DevSecOps