He inherited a startup with a wrecked pipeline and under $1M in revenue. He handed back the leader in SaaS security.
Walk into a head-to-head evaluation between Obsidian Security and the biggest names in the business, and Obsidian walks out with the deal more than eight times in ten. That is the company Hasan Imam runs - the one Salesforce, GitHub, ServiceNow, Workday and Atlassian trust to watch the inside of their SaaS estates.
Imam became CEO of Obsidian Security in 2021. The job description, unspoken, was triage. COVID had hollowed out the customer pipeline. Revenue sat under $1 million. The market was busy guarding endpoints and networks while the actual break-ins were quietly moving somewhere else - into Microsoft 365, Salesforce, Workday, the applications a company can't run a single day without.
Imam had seen that shift before most people had a name for it. He bet that the soft underbelly of the modern enterprise wasn't the laptop or the firewall - it was the sprawl of SaaS apps and the identities, human and otherwise, logging into them. Four years later Obsidian is the SaaS security choice for the Fortune 1000 and Forbes Global 2000, and the company frames its mission in a single phrase: be the confidence layer of the AI era.
The first decisions were the hard ones. Imam cut headcount by a quarter as the pandemic disruption hit, then set about rebuilding the product from the ground up rather than patching what existed. His sequencing was blunt and old-fashioned: people first, then product, then customers.
He recruited like someone who believed that. Xinran Wang, a former CTO at Palo Alto Networks and F5, joined the engineering side. Khanh Tran, a CrowdStrike veteran, came in as chief product officer. Brian Murphy, out of Okta, took the revenue org. The $90M Series C in 2022 went disproportionately into R&D rather than a sales blitz.
By late 2023, Forrester had named Obsidian a Strong Performer in its SaaS Security Posture Management Wave. The company had climbed from roughly fourth place to the front of the pack.
Imam spent a chunk of his career in revenue roles, and he is allergic to making the craft sound mystical. His whole theory of selling is short enough to remember: find the pain, understand it, solve it. Everything stacked on top of that, he argues, is people overcomplicating a simple thing.
Imam doesn't describe his path as a ladder. He describes it as a string of mini-careers, each one a fresh start in an unfamiliar function. He has been an engineer, a failed founder, a compliance fixer, an enterprise dealmaker, and a revenue chief - usually in that surprising order.
He started as a software engineer at Tandem Systems in the wreckage of the dot-com collapse, then went to Stanford for a master's in computer science. He founded a digital health startup that the 2008 financial crisis killed after two years. At Zantaz, a financial compliance and e-discovery firm, he salvaged a struggling $25M bank contract that others had written off. At DocuSign he pushed the company deeper into large enterprises and built strategic partnerships.
Then came Shape Security, where he ran revenue and grew the business from under $3 million to nearly $90 million in under four years. F5 bought Shape for $1 billion in 2019. He could have coasted into a comfortable growth-stage role afterward. Instead he chose a barely-known early-stage company because he saw an outsized bet hiding in plain sight.
One detail says a lot about how he operates: mid-career, against the standard advice to never switch functions, he deliberately moved from engineering into sales - specifically because sales had a reputation for being hard, and he wanted to understand why.
Imam grew up in Bangladesh. His father died when he was 11, and the family fell from middle-class stability to surviving on roughly $100 a month. He went to Malaysia for community college, transferred to the University of Wisconsin-Madison, and finished his computer science degree in under three years.
Ask him about the strategy behind all of it and he'll tell you there wasn't one. The throughline, instead, is a posture: do the best possible job with whatever is directly in front of you, and let the next thing reveal itself.
Somewhere along the way he noticed the thing he was actually good at - solving complex problems other people couldn't, and seeing solutions others didn't. He calls the trait that carries it "quiet determination," which is also a fair description of how Obsidian climbed without making much noise about it.
Imam's argument about AI is not the usual one. He isn't worried about the model. He's worried about the badge it carries.
AI agents, automations and service accounts now make up a growing share of the users inside enterprise SaaS - operating under valid credentials, outside any governance model, with no one watching. By Imam's account, agentic platforms generated more new integrations into enterprise SaaS last year than all other SaaS apps combined. Security teams, he points out, don't govern which agents get created or what privileges they inherit.
It is, in his framing, exactly the kind of problem you build a generational company around. The SaaS security he started chasing in 2021 turned out to be the foundation the AI agent revolution would stand on.