Lessons - The Man Who Protects Millions of Dollars Online Every Day | John Downey - CISO at GoFundMe (Fmr PayPal)

Success Story with Scott D. Clary · 14 min · April 15, 2026

Get the full intelligence

Search transcripts, export clips, track mentions, and explore all topics from “Lessons - The Man Who Protects Millions of Dollars Online Every Day | John Downey - CISO at GoFundMe (Fmr PayPal)” inside PodZeus.

AI-Generated Summary

The most dangerous cybersecurity threats are rarely sophisticated hacks; they are simple human errors exploited by financially motivated attackers who go after unlocked 'car doors': weak passwords, unpatched systems, and unencrypted laptops. John Downey, former CISO at PayPal and current CISO at GoFundMe, notes that over 80% of successful breaches begin with stolen credentials rather than complex intrusions. He argues that the real vulnerability is not technology but people, especially in nonprofits and small businesses that lack dedicated IT teams. The remedy he proposes is a culture of psychological safety in which employees feel able to report suspicious activity without fear of punishment. Drawing on the SolarWinds breach, Downey recounts how one alert employee, prompted by an MFA reset email they had not requested, took it to their security team and helped expose a massive supply-chain attack. The lesson: the strongest security layer is not firewalls or encryption but a 'human firewall' built on trust, empathy, and blameless postmortems. When leaders respond to mistakes with support instead of reprimand, threats are surfaced early rather than hidden.

Key Takeaways
1. 80% of successful breaches start with stolen credentials: strong passwords and MFA are the #1 defense.
2. Unencrypted laptops are a top risk; ensure all devices use full-disk encryption by default.
3. Phishing and BEC scams thrive on urgency and authority: train teams to verify requests via a separate channel.
4. Create psychological safety: employees who fear punishment will hide mistakes, increasing risk.
5. Blameless postmortems (like those at Etsy) encourage transparency and faster incident response.

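Takeaway 3 names the levers a BEC email pulls: urgency, borrowed authority (the CEO's name) and a request to move money. The following is an added example, not code from the podcast, PodZeus or GoFundMe: a Python heuristic that scores one RFC 5322 message for those indicators (an executive's display name on an address that is not theirs, a lookalike sender domain, a Reply-To that diverts replies to another domain, and urgency, payment and secrecy wording) and says whether the request must be confirmed over a separate channel before anyone acts on it. The corporate domain, executive directory, term lists, weights, threshold and both sample messages are constructed for the example.

```python
"""Heuristic BEC indicator scoring for a single email message (added example)."""
import email
from email import policy
from email.utils import parseaddr

# Assumed corporate domain and executive directory (constructed for the example).
ORG_DOMAIN = "example-org.test"
EXECUTIVES = {"maria chen": "maria.chen@example-org.test"}

# Illustrative phrase lists; a production filter would use a tuned, larger set.
URGENCY_TERMS = ("urgent", "asap", "immediately", "right away", "end of day")
PAYMENT_TERMS = ("wire", "gift card", "invoice", "bank details", "transfer")
SECRECY_TERMS = ("confidential", "keep this between", "in a meeting", "can't talk", "don't call")

VERIFY_THRESHOLD = 5  # at or above this score the request is confirmed out of band


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot near-miss domains such as exarnple-org vs example-org."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def score_message(raw: str) -> dict:
    """Parse one raw message and return its score, the reasons, and the verify decision."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    from_domain = domain_of(addr)
    score, reasons = 0, []

    # 1. A known executive's display name on an address that is not the executive's.
    expected = EXECUTIVES.get(name.strip().lower())
    if expected and addr.lower() != expected:
        score += 3
        reasons.append(f"display name '{name}' impersonates {expected} from {addr}")

    # 2. Sender domain is within two edits of the corporate domain but is not it.
    if from_domain and from_domain != ORG_DOMAIN and levenshtein(from_domain, ORG_DOMAIN) <= 2:
        score += 3
        reasons.append(f"lookalike domain {from_domain}")

    # 3. Reply-To sends the conversation to a different domain than the one shown in From.
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    if reply_addr and domain_of(reply_addr) != from_domain:
        score += 2
        reasons.append(f"reply-to domain {domain_of(reply_addr)} differs from {from_domain}")

    # 4. Social-engineering language in subject and body: urgency, money movement, secrecy.
    text = (str(msg.get("Subject", "")) + "\n" + msg.get_content()).lower()
    for label, terms, weight in (("urgency", URGENCY_TERMS, 1),
                                 ("payment", PAYMENT_TERMS, 2),
                                 ("secrecy", SECRECY_TERMS, 1)):
        hits = [t for t in terms if t in text]
        if hits:
            score += weight
            reasons.append(f"{label} language: {', '.join(hits)}")

    return {"score": score, "reasons": reasons, "verify_out_of_band": score >= VERIFY_THRESHOLD}


# Constructed sample: a CEO-impersonation gift-card request from a lookalike domain.
BEC_MESSAGE = "\n".join([
    "From: Maria Chen <maria.chen@exarnple-org.test>",
    "Reply-To: maria.chen.ceo@webmail.test",
    "To: finance@example-org.test",
    "Subject: Urgent - need this handled today",
    "Content-Type: text/plain; charset=utf-8",
    "",
    "I'm in a meeting and can't talk. Please buy 10 gift cards for a client",
    "and send me the codes ASAP. Keep this between us for now.",
])

# Constructed sample: a routine message from the real executive address.
LEGIT_MESSAGE = "\n".join([
    "From: Maria Chen <maria.chen@example-org.test>",
    "To: finance@example-org.test",
    "Subject: Q3 budget draft",
    "Content-Type: text/plain; charset=utf-8",
    "",
    "Attached is the Q3 budget draft. Please review when you get a chance and",
    "we will go over it in Thursday's meeting.",
])

if __name__ == "__main__":
    for label, raw in (("BEC", BEC_MESSAGE), ("legit", LEGIT_MESSAGE)):
        result = score_message(raw)
        print(label, result["score"], result["verify_out_of_band"])
        for reason in result["reasons"]:
            print("  -", reason)
```

The scorer only decides when someone must pick up the phone or walk over to the executive's desk; that out-of-band check is the control, and the weights here are illustrative rather than tuned. The name match is deliberately naive (plain lowercase comparison, no Unicode homoglyph normalization), and the edit-distance test will not catch a lookalike that swaps a top-level domain or adds a word, so treat it as one signal beside DMARC results and a mail gateway's own impersonation rules rather than a replacement for them.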

Chapters
0:00 (1 min) Sponsor: Cohesity – Data Resilience in the Age of Threats
Cohesity introduces its AI-powered Data Cloud platform, designed to protect data against ransomware, breaches, and outages with fast recovery, replacing slow, outdated backup methods.

1:00 (1 min) Sponsor: HubSpot – Unlock 100% of Your Business Data
HubSpot's platform aggregates unstructured data from calls, emails, and chats to give businesses a complete picture, turning fragmented insights into actionable growth strategies.

2:00 (2 min) The Human Firewall: Why People Are the Weakest Link
Highlight: "The vast majority of people that they're probably going to deal with are people who are financially motivated. It's someone walking down the street and jiggling the handles on the car doors, right? That's the kind of person."

4:00 (3 min) The Real Threats: From Phishing to BEC Scams
Highlight: "They're playing to urgency. They're playing towards people's sense of wanting to help out, especially like the CEO, you know, 'Hey, like, I, you know, I'm special. They reached out to me 'cause they thought I could handle it.'"

7:00 (3 min) The Power of Psychological Safety in Security
Highlight: "If this human hadn't kind of been aware and felt comfortable going to their security team with this, that whole SolarWinds incident may have lasted for another few months, if not years."

High-Impact Quotes

"If this human hadn't kind of been aware and felt comfortable going to their security team with this, that whole SolarWinds incident may have lasted for another few months, if not years." (John Downey, 15:21)

"You reprimand them and you fire them, that is actually potentially going to do more harm to your organization in the long term, because everybody who saw that action is going to be scared out of their mind to ever say anything." (John Downey, 16:37)

"They're playing to urgency. They're playing towards people's sense of wanting to help out, especially like the CEO, you know, 'Hey, like, I, you know, I'm special. They reached out to me 'cause they thought I could handle it.'" (John Downey, 12:41)

Speakers

Host: Scott D. Clary
Guest: John Downey

Topics Discussed

- human firewall (95%)
- psychological safety (90%)
- cybersecurity risks (90%)
- data encryption (85%)
- business email compromise (85%)
- multi-factor authentication (80%)
- password hygiene (75%)
- blameless postmortems (70%)

People & Brands

- John Downey (person): 12 mentions, positive
- GoFundMe (organization): 4 mentions, neutral
- SolarWinds (organization): 3 mentions, neutral
- FBI (organization): 2 mentions, neutral
- HubSpot (organization): 2 mentions, positive
- Cohesity (organization): 2 mentions, positive
- PayPal (organization): 2 mentions, neutral
- FireEye (organization): 2 mentions, positive
- Dell Technologies (organization): 1 mention, positive
- Etsy (organization): 1 mention, neutral
