The spreadsheet that became a company
At Snap, somewhere around 2014, there was a Google Sheet. It tracked privacy reviews - which features touched user data, what got flagged, what shipped. The team ran several thousand of those reviews a year, and the sheet kept growing. New tab. New tab. New tab. It passed 100 tabs. Jad Boutros looked at that sheet, the way an engineer looks at a load-bearing hack, and understood it was both indispensable and absurd.
That sheet is now a company. TerraTrue, which Boutros co-founded in 2018 and runs as CEO, is the software that the 100-tab spreadsheet always wanted to be: a single source of truth that folds privacy-by-design and security-by-design directly into how products get built. It connects to the tools engineers already live in - Jira, the cloud, the data warehouse - and turns the privacy review from a bottleneck into a workflow. The company has raised roughly $20 million, including a $15 million Series A in 2021.
The distinction sounds academic until you've had to operationalize it for hundreds of engineers shipping on a deadline. Boutros has. Before TerraTrue, he was Snap's first Chief Security Officer - employee zero for the entire function. He built security, privacy engineering, and the spam-and-abuse programs from nothing, eventually overseeing a large organization of engineers. When a company that young brings in a security chief, it's making a bet that trust is worth building before you need it. Boutros was that bet.
Before the title, the plumbing
He didn't arrive at the C-suite by way of a business school. He arrived by way of email servers. Early in his career, Boutros wrote the unglamorous, load-bearing code that the internet runs on: at Novell, he worked on Border Manager and iChain, building a version of the SMTP proxy; at Oracle, he added performance and security extensions to IMAP and POP3 servers - including STARTTLS and proxy authentication. If you've ever sent an encrypted email, you've benefited from the category of work he was doing.
Then came Google, and nearly a decade of it. Boutros joined the information security team and spent over nine years conducting application security reviews, building defenses, and eventually leading security for the company's social products - including Google+. This is where the modern shape of his thinking formed: security at planetary scale, where you cannot personally review everything, so you have to build the systems that review for you. The lesson stuck. It's the entire premise of TerraTrue.
Privacy is personal - so build for that
For a man who writes security software, Boutros talks about privacy in remarkably human terms. "Privacy is very, very deeply personal," he has said - it varies by person, by context, by what each of us decides we're willing to share. That belief is the opposite of the compliance-checkbox mentality that dominates the industry. TerraTrue isn't designed to help companies survive an audit. It's designed to help product teams honor what users actually expect, at the speed products actually move.
His reunion with Chris Handman, Snap's former General Counsel, is the other half of the origin story. The lawyer and the engineer had already solved this problem once, together, inside one of the fastest-moving consumer companies on earth. TerraTrue is them deciding the rest of the industry deserved the same tooling - the lawyer's instinct for risk and the engineer's instinct for systems, fused into one platform.
The handle tells you everything
On Twitter and LinkedIn, Boutros goes by @secplusplus. It's a pun - "sec" plus "++", a wink at C++ and the engineer's habit of incrementing. It's also a thesis in six characters: security, but iterating; security, but as software. The man named his accounts after the idea he'd eventually build a company around.
On the subject of breaches - the thing every security leader dreads - his message to ordinary users is unexpectedly gentle. Use different passwords. Keep your software updated. And when a breach hits, "it's not your fault." It's a striking thing for a CSO to say. It reframes security away from blame and toward design: if the system failed, the system should have been built better. Which is, again, the whole point of what he does now.
Why now, and why this
The timing was not an accident. TerraTrue launched into a world that had just rewritten the rules on data. Europe's GDPR landed in 2018, the same year the company was founded. California's CCPA followed, then Virginia's VCDPA, then a steady drumbeat of state and national privacy laws that turned "handle user data carefully" from a virtue into a legal obligation with teeth. Suddenly every product team needed to answer questions - what data does this feature collect, where does it go, who can see it - that almost no one had built tooling to answer. Boutros had spent years answering exactly those questions by hand, at two of the most data-intensive companies on the planet. He knew the manual approach didn't scale. He'd watched it not scale, one spreadsheet tab at a time.
TerraTrue's pitch reflects that lived experience. It markets itself less as a compliance product and more as a collaboration layer - the place where the privacy team, the security team, and the engineers building the feature meet on common ground before anything ships. Data mapping, DPIA and LIA reporting, third-party and vendor risk, automated assessments, real-time monitoring of how data actually moves: the feature list reads like a checklist of everything Boutros once tracked manually. The difference is that the software does the tracking now, and it plugs into the tools engineers already use, so privacy stops being the thing that happens after the work and becomes part of the work itself.
The $15 million Series A in 2021 was the market agreeing. Investors don't fund privacy tooling out of altruism - they fund it because they can see the obligation coming for every company that touches customer data, which is to say, every company. Boutros and Handman had effectively run a pilot of the entire thesis inside Snap, and the results were the product. That's a rare kind of founder credibility: not a hunch about a problem, but a scar from solving it once already.
Boutros holds a bachelor's in computer engineering from McGill University and a master's in computer science from Stanford. Twenty-one-plus years into his career, sixteen of them spent specifically on security and privacy, he has arrived at a deceptively simple conviction: the right way to do privacy isn't a memo, a training, or a binder. It's a tool you actually want to open. He's spent his whole career hardening other people's products. TerraTrue is him building the one that hardens everyone else's.