Security executive · builder · operator
CEO & Co-Founder of Gomboc AI. Former CSO at Rapid7 and Cimpress; security leader at Amazon and ZeroFOX. Twenty-five years building security programs at global scale — grounded in a practitioner's view of how systems actually break.
Building companies, breaking systems, leading teams.
I split my time between building companies and breaking systems. Currently, I am leading Gomboc AI, where we are solving cloud infrastructure security using deterministic AI — giving engineering teams actual fixes, not just alerts.
With over 25 years in the industry, I've led security programs at global scale: from Cimpress, Amazon (AWS) and Rapid7 to founding my own ventures. My approach bridges deep technical offense with executive-level strategy — I've been both the hacker and the CISO, and I build products that reflect both perspectives.
Beyond the corporate world, I am deeply involved in the community — serving on the board of BSides Las Vegas, founding the Tel Aviv DefCon chapter (DC9723), acting as faculty for IANS, and writing about what actually matters in security at the Intelligence Log.
From breaking systems as a researcher to defending them at global scale — a 25-year arc from red team to the boardroom, and back to building.
Solving the last mile of cloud security: not more alerts, but actual fixes. Built Gomboc AI from zero to a funded, deployed product that gives engineering teams deterministic AI-generated remediations for infrastructure misconfigurations.
Advised the leadership of a publicly traded cybersecurity company on security strategy and program direction — bringing a practitioner's lens to enterprise security and product as I moved from operating roles toward building Gomboc.
Built and led security strategy across a global portfolio of mass-customization businesses spanning 20+ brands and 40+ countries. Established a federated security model that scaled across a decentralized enterprise without sacrificing control.
Led security engineering teams inside the world's largest cloud provider. Operated at a scale most security leaders never see — and learned how to build systems that are secure by design, not patched after the fact.
Twenty-five years of watching the same movie: security teams find problems, hand them to engineering as tickets, and watch them sit in backlogs indefinitely. I've been on both sides of that friction — as the attacker, the defender, and the executive funding both. Gomboc AI exists to close that loop. Not more dashboards. Actual fixes, automatically generated, that engineers actually merge.
Thinking out loud on security, AI, risk, and what actually works in practice.
Keynotes, research talks, press, and community leadership across the security industry.
Talks: BlackHat, DefCon, RSA, BlueHat
Articles: Forbes, DevOps.com, DarkReading
Roles: BSidesLV, DC9723, The CISO Track
Interested in having me speak at your conference, podcast, or event?
Get in Touch