He built the company you call when the ransom note appears and the servers go dark.
Billy Gouveia // Founder & CEO, Surefire Cyber. The job: stay steady while everyone else panics.
Most cybersecurity gets sold on prevention - the firewall, the training, the locked door. Billy Gouveia built a business around the moment after the lock fails. Surefire Cyber, the firm he founded and runs as CEO, is what cyber insurers, brokers, and law firms reach for when a client's network is already on fire: ransomware spreading, email compromised, data walking out the door.
The pitch is contrarian in a market obsessed with shiny prevention tools. Incident response is messy, human, and slow - rooms full of forensic analysts manually picking through logs while a company bleeds. Gouveia's idea was to refuse that trade-off. Pair automation with human expertise, he argued, and you get faster answers without losing the judgment that only experienced responders bring.
We used automation to empower our team with tools that gave them better, faster outcomes.- Billy Gouveia, on Surefire Cyber's model
Surefire Cyber launched out of stealth on May 31, 2022, with $10 million in Series A funding led by Forgepoint Capital. It was the second company the San Francisco firm incubated in-house - and Gouveia had a front-row seat to that process, having spent 2021 as an Entrepreneur in Residence there before becoming the founder Forgepoint chose to back. The investor became the funder. That is not the usual order of things.
The early returns were brisk. By the end of 2022, the team had worked more than 150 cases. In 2023, the company reported 100% customer satisfaction and picked up a Cyber Newcomer of the Year nomination. For a firm that did not exist eighteen months earlier, the response economy noticed.
Gouveia did not start in code. He started in uniform. After an undergraduate degree at Columbia University, he joined the U.S. Army as an intelligence officer and led a platoon - a job that teaches you how a small team holds together when the situation is loud, fast, and frightening. Planning under pressure. Communicating when nobody has the full picture. Those instincts turn out to map cleanly onto a 2 a.m. ransomware call.
From the Army he moved into the national security community, where he watched private-sector innovation solve problems government alone could not. Sensing gaps in his own toolkit, he made a deliberate pivot into enterprise risk consulting - and there he spotted the thing that would define his career. Among every category of risk an organization faces, cyber was growing fastest.
I wanted a partner who shares a commitment to defending companies, jobs, and our nation from the growing number of destructive cybercrimes.- Billy Gouveia, at launch
Before Surefire Cyber there was a startup apprenticeship most people skip. In 2017 Gouveia became COO of the cloud company Zanaris, then co-founded jumbbit, a blockchain-based data security startup built to address ransomware and insider threats - the exact problems he would later make his life's work. He followed that with a senior run at S-RM Intelligence and Risk Consulting, leading cybersecurity intelligence, resilience, and response programs for a global consultancy.
Add a Master of Arts in Security Studies from Georgetown, earned in the early 2000s, and a pattern emerges. Gouveia kept circling the same question from new angles - national security, consulting, startups, academia - until he had assembled the rare combination of operator, strategist, and crisis leader needed to build a response firm from scratch.
Here is the quiet bit of cleverness in the business. Surefire Cyber does not primarily sell to the company that gets breached. It sells to the ecosystem sitting behind that company: the cyber insurers, the brokers, and the law firms who are on the hook when an incident hits and who decide which responder gets the call. Win their trust and you win a steady stream of the worst days other people are having.
The work spans the full arc of an incident - preparation before, swift response during, and recovery and resilience after. Ransomware, business email compromise, malware, data theft: the catalog of modern digital disasters. Surefire Cyber's bet is that handling all of it under one roof, with automation accelerating the grind, beats the fragmented status quo.
Gouveia's gratitude to his backers is on the record, and it is specific. Forgepoint, he said, had gone above and beyond to help him build Surefire Cyber into a business - their relationships with advisors, partners, and clients across the industry, he noted, had been invaluable. Coming from a former intelligence officer, that is not flattery. It is an honest accounting of what it takes to launch into a crowded, high-stakes market.
The throughline across the Army, national security, consulting, and now the founder's chair is steadiness. Ransomware is chaos by design - it is built to make smart people panic and pay. Gouveia's whole career has been an argument that the antidote to chaos is a calm, prepared, well-equipped team. He just turned that argument into a company.
We used automation to empower our team with tools that gave them better, faster outcomes.
I wanted a partner who shares a commitment to defending companies, jobs, and our nation from the growing number of destructive cybercrimes.
Forgepoint has gone above and beyond to help me build Surefire Cyber into a business.
He was an Entrepreneur in Residence at the very VC firm that ended up funding him. The scout became the player.
Surefire Cyber sells to insurers, brokers, and law firms - the people behind a breach, not just the breached.
Columbia, Georgetown, and the U.S. Army intelligence corps. The resume reads more spy thriller than startup deck.