Jack Naglieri

THE STORY

From Practitioner to Pioneer

Nobody plans to become a unicorn founder by accident. But Jack Naglieri's path to building a $1.4 billion security company started with a cold email from an investor and an engineer who was tired of fighting fires with broken tools.

Before there was Panther, there was frustration. Jack worked the trenches - first at Verisign learning incident response, then at Yahoo's security team (the Paranoids, in the best possible sense), then at Airbnb's CSIRT where the scale of cloud infrastructure made traditional SIEM look like a fax machine in a fiber-optic world. The tools that existed were built for a different era. Splunk was expensive. Configurations were fragile. Real-time detection at cloud scale was closer to wishful thinking than operational reality.

So he did what engineers do: he built something. StreamAlert launched in 2017 as an open-source, serverless, real-time intrusion detection engine. Airbnb open-sourced it. High-tech companies adopted it. USENIX Enigma invited him to present it. Then an investor cold-emailed him - spotted the project, spotted the potential, spotted a practitioner with something to say. Jack quit his job in 2018 and founded Panther.

The idea was direct: take what StreamAlert proved was possible, turn it into a product any security team could use, and build it for the cloud-native world most companies already lived in. Panther chose Python as its detection language because, as Jack put it, it's "the most approachable language for security folks" - bridging the gap between traditional security scripting and structured, scalable detection engineering. The company name itself was deliberate: sleek, fast, protective.

By 2021, Panther raised $120M in a Series B led by Coatue, with ICONIQ Growth and Snowflake Ventures joining existing backers Lightspeed and S28 Capital. Total funding hit $140M. The valuation hit $1.4 billion. Customers included Coinbase, Docker, and enterprises processing petabytes of security data every month. The frustrated engineer had built a unicorn.

But Jack never fully left the engineering mindset behind. He still runs his own Panther instance. He aspires to personally contribute open-source detections to the company's GitHub. And today, through his Detection at Scale newsletter on Substack and its companion podcast, he's mapping the next transformation: AI agents that don't wait for rules to fire, agentic SIEMs that think rather than just aggregate, and the economics of security operations that shift when machines start doing the analysis. He saw the cloud-native SIEM moment before most. He's calling the AI-first moment now.

If you want to reach your limit, you have to train at your limit.

- Jack Naglieri

// FAST FACTS //

Wakes at 5-5:30 AM every day
Pescatarian; WHOOP tracker user
GitHub handle: jacknagz
George Mason University, B.S. Applied IT
Adopted California as home; beach is his "happy place"
Keeps a Notion DB of deep relationship questions
Named company after what he wanted to be: sleek, fast, protective

Hire people for specific strength versus a lack of weakness.

- Jack Naglieri, on building teams

CAREER TIMELINE

The Road to Unicorn

2012-2014

Security Analyst & Incident Responder at Verisign - first encounter with real-world threat response

2014-2016

Security Engineer at Yahoo (the Paranoids) - learned to operate at internet scale under constant threat

2016-2018

Security Engineering Manager at Airbnb CSIRT - built detection infrastructure in AWS; felt the pain of legacy SIEM firsthand

2017

Open-sourced StreamAlert - a serverless, real-time intrusion detection engine; presented at USENIX Enigma

2018

Founded Panther after receiving a cold email from an investor - quit his job and bet on cloud-native SIEM

2020

Panther raises Series A led by Lightspeed Venture Partners

2021

Panther raises $120M Series B at $1.4B valuation led by Coatue - unicorn status achieved

2022

Panther wins IA40 Award; Jack begins angel investing in runZero, Fleet DM, ConductorOne, Tromzo

2024-2026

Launches Detection at Scale newsletter and podcast; becomes the go-to voice on AI's impact on security operations

INSIDE THE MIND

What Makes Jack Naglieri Tick

01 THE ORIGIN

He Got Cold-Emailed Into a Unicorn

Jack wasn't looking for investors. He was a security engineer at Airbnb, grinding on detection infrastructure. An investor found StreamAlert, liked what they saw, sent an email. Jack quit his job. That's how a $1.4 billion company starts - with someone else's curiosity and one engineer willing to bet on himself.

02 THE PHILOSOPHY

Build for the Pain You've Lived

Panther wasn't a pivot or a market thesis. It was a direct response to tools that didn't work. Jack's investment thesis mirrors his founding story: he backs founders with practitioner backgrounds solving pain they've personally felt. He gravitates toward developers building security, and security teams that think like developers.

03 THE HABIT

5 AM. Every Day. No Exceptions.

Jack tracks his body the same way he tracks threats - obsessively. WHOOP wearable, pescatarian diet, morning workouts before the world wakes up. He's a self-directed optimizer who applies engineering rigor to his own biology. "If you want to reach your limit, you have to train at your limit." He means it.

04 THE FORECAST

The Agentic SIEM - Before You Heard the Term

Jack's been writing about AI agents transforming security operations since before most CISOs had GPT in their vocabulary. His Detection at Scale newsletter tracks the shift from SIEM-as-log-aggregator to SIEM-as-intelligent-analyst. He called cloud-native SIEM early. He's calling agentic SOC now.

05 THE PEOPLE SIDE

He Keeps a Database of Deep Questions

Behind the technical rigor is someone who takes relationships seriously. Jack maintains a Notion database of profound questions to ask new people - a deliberate practice for building real connections in a world of shallow networking. He says being a founder can be lonely. His answer is intentional depth.

06 THE LESSON

"We Only Make New Mistakes"

Jack's favorite investor wisdom - a line he has fully internalized. Not a blanket tolerance for failure, but a demand for learning. Every mistake earns its cost only if it buys new knowledge. For a founder who went from engineer to CEO with no instruction manual, this isn't philosophy. It's the operating system.

ANGEL PORTFOLIO

Where He Puts His Money

runZero

Cyber-asset management and network discovery platform

Fleet DM

Open-source device management for security teams

ConductorOne

Time-bound permissions and identity governance platform

Tromzo

Contextual vulnerability prioritization in the software delivery pipeline

IN HIS OWN WORDS

The Naglieri Playbook

"If you want to reach your limit, you have to train at your limit."

"Hire people for specific strength versus a lack of weakness."

"As a founder, your cap table should include angels with diverse backgrounds and operating experiences."

"Being a founder can be lonely, and having a strong support network of angels in your corner that have gone through the experience is extremely helpful."

OFF THE RECORD

The Human Behind the SIEM

The Beach Person

Ask Jack where he wants to be and he'll tell you: the beach. California is home now. Mountains are fine. New cities are interesting. But the beach is where the optimizer in him finally goes quiet. For someone who tracks his sleep, optimizes his diet, and runs security infrastructure at petabyte scale, that says something.

The Python Defender

He didn't choose Python for Panther's detection language randomly. It was a principled call: security people already know it, it bridges scripting and structured engineering, and it lowers the barrier to writing good detections. Product decisions disguised as technical decisions. That's the practitioner's edge.

The Open Source Believer

StreamAlert was his proof that good ideas spread when you release them. Even now as CEO, he talks about wanting to personally contribute open-source detections to Panther's GitHub. The instinct to build in the open didn't disappear when the org chart grew. It's still in the DNA.