"The engineer who cold-emailed his way into a unicorn - and hasn't stopped building since."
He spent years watching security teams fight sophisticated attackers with brittle, overpriced tools. So he built something better. Today Jack Naglieri runs Panther - a cloud-native SIEM platform valued at $1.4 billion - and writes Detection at Scale, the newsletter telling the security world what comes next.
Nobody plans to become a unicorn founder by accident. But Jack Naglieri's path to building a $1.4 billion security company started with a cold email from an investor and an engineer who was tired of fighting fires with broken tools.
Before there was Panther, there was frustration. Jack worked the trenches - first at Verisign learning incident response, then at Yahoo's security team (the Paranoids, in the best possible sense), then at Airbnb's CSIRT where the scale of cloud infrastructure made traditional SIEM look like a fax machine in a fiber-optic world. The tools that existed were built for a different era. Splunk was expensive. Configurations were fragile. Real-time detection at cloud scale was closer to wishful thinking than operational reality.
So he did what engineers do: he built something. StreamAlert launched in 2017 as an open-source, serverless, real-time intrusion detection engine. Airbnb open-sourced it. High-tech companies adopted it. USENIX Enigma invited him to present it. Then an investor cold-emailed him - spotted the project, spotted the potential, spotted a practitioner with something to say. Jack quit his job in 2018 and founded Panther.
The idea was direct: take what StreamAlert proved was possible, turn it into a product any security team could use, and build it for the cloud-native world most companies already lived in. Panther chose Python as its detection language because, as Jack put it, it's "the most approachable language for security folks" - bridging the gap between traditional security scripting and structured, scalable detection engineering. The company name itself was deliberate: sleek, fast, protective.
By 2021, Panther raised $120M in a Series B led by Coatue, with ICONIQ Growth and Snowflake Ventures joining existing backers Lightspeed and S28 Capital. Total funding hit $140M. The valuation hit $1.4 billion. Customers included Coinbase, Docker, and enterprises processing petabytes of security data every month. The frustrated engineer had built a unicorn.
But Jack never fully left the engineering mindset behind. He still runs his own Panther instance. He aspires to personally contribute open-source detections to the company's GitHub. And today, through his Detection at Scale newsletter on Substack and its companion podcast, he's mapping the next transformation: AI agents that don't wait for rules to fire, agentic SIEMs that think rather than just aggregate, and the economics of security operations that shift when machines start doing the analysis. He saw the cloud-native SIEM moment before most. He's calling the AI-first moment now.