When Security Friction Becomes the Backdoor

11 snips

Feb 12, 2026

Birat Niraula, a security leader who protects enterprise, network, on-prem, and cloud systems. He digs into how poor security UX creates backdoors. He contrasts protective friction like MFA with harmful friction that drives workarounds. He warns of AI repeating cloud security mistakes and urges embedding seamless security in design to keep velocity without adding risk.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

ANECDOTE

Building An IDS Taught Practical Security

Birat built an IDS across multiple data centers early in his career with little guidance.
That hands-on work taught him protocols, tuning, and gave confidence to handle diverse security challenges.

INSIGHT

Security Is A Trade-Off

Security is always a trade-off between protection and user experience or velocity.
Overly strict controls can slow business and create bypass incentives.

ADVICE

Apply Friction That Actually Protects

Use protections like MFA, token expiry, and jump hosts to narrow attacker windows.
Keep those controls where they materially reduce risk rather than adding needless steps.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Security that slows people down is security that gets bypassed.

Birat Niraula leads security for Google Enterprise Network, where he oversees protection across on-premise, network infrastructure, enterprise, and cloud environments. In this episode of Threat Vector, host David Moulton explores a critical truth that most security leaders miss: the difference between friction that protects and friction that creates risk.

You'll learn:

- Why bad security UX isn't just annoying—it's a vulnerability that creates backdoors

- How to identify friction that protects (like MFA and jump hosts) versus friction that makes teams bypass controls

- Why DevOps teams inject backdoors into production when security slows them down too much

- How AI is becoming the new cloud rush—teams deploying models without understanding security risks

- The Chrome browser principle: best security is seamless security that users don't have to think about

- Why embedding security teams in design processes beats the "sledgehammer approach" of blanket policies

- How to use AI agents as security sidekicks to scale beyond what your team can manually review

Birat shares hard-won lessons from securing enterprises at massive scale—from building 24/7 SOCs to leading multi-cloud architecture at Goldman Sachs to now protecting Google's infrastructure. But this conversation isn't about his resume. It's about the fundamental tradeoffs security leaders face: velocity versus protection, automation versus human judgment, and when to embrace friction versus when friction becomes the enemy.

This episode is essential listening if you're: leading enterprise security programs, struggling with teams that route around your controls, managing DevOps or cloud security, implementing security that doesn't block business velocity, or trying to understand where AI security is heading.

Related Episodes:

- Securing the Modern Workforce

- Why Security Platformization Is the Future of Cyber Resilience

- Shifting Security Left

#Cloud #SecurityUX #DevSecOps