Security Fails When Developers Don’t Trust It: Jonathan Jaffe, CISO @Lemonade

The problems rarely start with an attacker. They start earlier, in the way teams deploy, approve changes, and share responsibility.  Developers don’t ignore security because they don’t care. They ignore it when it doesn’t fit their workflow, when it slows them down, or when the reasoning isn’t clear.

In this episode, we host Jonathan Jaffe, CISO at Lemonade. He explains why most security failures are not about missing tools or advanced threats, but about how ownership, process, and decision-making are structured inside engineering teams.

We talk about:

• Why security breaks at the ownership level, not the tool level

• How audit-driven controls fail in real environments

• What happens when developers stop trusting security decisions

This is not a conversation about buying better tools. It’s about understanding why the tools you already have may not be working as you think they should.