Brendan
O'Connor

The year is 2018. Brendan O'Connor has just left ServiceNow after one year. Before that, a decade at Salesforce as Chief Security Officer - the person Marc Benioff trusted to keep cloud computing's most famous brand from becoming a cautionary tale. The question hanging in the air: what do you do after you've secured one of the defining companies of the internet era?

The answer, for O'Connor, was specific and annoying. While running security at Salesforce, then at ServiceNow, he kept bumping into the same gap. Enterprises were adopting SaaS applications at speed. The configurations were complex. Third-party integrations were multiplying. And security teams had no visibility into any of it. He knew, because he had been the security team.

He co-founded AppOmni with Brian Soby in 2018 and pointed the company at that exact gap. The product they built - now called SaaS Security Posture Management, a category AppOmni effectively invented - gives security teams a way to see, audit, and control every SaaS configuration and third-party connection across the enterprise. The kind of tool O'Connor would have wanted at Salesforce.

The company grew fast. Triple-digit revenue growth for three consecutive years. Near-100% customer retention since founding. A roster that now includes 25% of the Fortune 100. Not because O'Connor marketed the category into existence - because the pain was already there, hiding in every enterprise that had swapped out its data center for a stack of SaaS subscriptions and assumed someone else was watching the door.

The investors took notice. Scale Venture Partners came in early. Salesforce Ventures - his former employer's own VC arm - backed the company. Then in June 2022, Thoma Bravo led a $70 million Series C, bringing total funding past $123 million at that point, and eventually to more than $202 million. For Thoma Bravo, the thesis was simple: SaaS security is not a feature, it's a market.

The problem O'Connor spent his career diagnosing comes down to misconfiguration and invisibility. SaaS applications are powerful by design - they integrate with everything, they allow deep customization, they push data across APIs constantly. That power is also the attack surface. A single misconfigured permission in Salesforce, a forgotten OAuth token in Slack, a third-party app connected to Microsoft 365 that no one in IT knows about - these are the vectors that produce headlines.

O'Connor has an instinct for the specific number that punctures complacency. His statistic about third-party apps - that security teams know about less than half of the applications with API access to their data - is the kind of figure that tends to end arguments in boardrooms. Not because it's alarming in the abstract, but because it means the invisible half is where the breach is most likely to start.

His background before Salesforce adds texture to why this resonated. He started his career in 2000 as an information security technician, worked through financial services security at First Bank, and came up through vulnerability research. He has looked at systems from the attacker's point of view, which gives him a particular clarity about where the gaps actually live versus where organizations think the gaps are.

The decade at Salesforce shaped his understanding of what "trust" means at scale. Salesforce built its entire business on the proposition that enterprises could put their most sensitive customer data in the cloud - and trust the vendor. O'Connor's job was to make that promise credible, year after year, as the attack surface grew and the regulatory environment shifted. The phrase "Chief Trust Officer" is part job title, part manifesto.

When he moved to ServiceNow for a year in 2017, he was not starting over - he was triangulating. One year as Security CTO at a different major SaaS platform was enough to confirm that the misconfiguration problem was not a Salesforce quirk. It was structural to the category. Every large SaaS platform had the same issue: powerful, configurable, deeply integrated, and effectively invisible to the security teams responsible for protecting the data inside them.

AppOmni's product strategy reflects that diagnostic precision. The platform analyzes configurations against security baselines, detects drift, maps third-party connections, and surfaces anomalies in user behavior - continuously, across every SaaS app in the enterprise. The company's own numbers tell the story: 2 billion security events analyzed daily, across more than 100 million SaaS user accounts. That is not a monitoring tool. That is an operating picture.

O'Connor transitioned from CEO to Chief Strategy Officer as AppOmni matured, with Neill Occhiogrosso stepping into the CEO role to scale the company's go-to-market operations. The pattern is common among technical founders who built a category: the insight work is done, the harder work of scaling the sales organization begins, and the founder moves to where they add the most value. For O'Connor, that is strategy, positioning, and the continued development of a category he effectively invented.

AppOmni's founding investor list - Salesforce Ventures alongside Thoma Bravo, Scale Venture Partners, ClearSky, and Costanoa Ventures - reads like a map of who understood the SaaS security problem earliest. The irony of Salesforce Ventures backing the company that helps enterprises not get breached by Salesforce misconfigurations is not lost on anyone who has watched the industry long enough.

What makes O'Connor's story notable is not the funding or the market position, but the original bet: that a problem he experienced as an insider, which he could not fully solve from the inside, was worth leaving to fix from the outside. He was right. The gap was real, the timing was right, and twenty years of learning what the attack surface actually looks like turned out to be exactly the right preparation for building the company that maps it.