He once held the biggest cybersecurity budget on Wall Street. Then he built BlueVoyant for everyone who never could - the companies, suppliers, and governments left to defend themselves with a fraction of the resources.
Inside Morgan Stanley, the cyber budget was enormous - and that was exactly the problem. Jim Rosenthal sat as Chief Operating Officer, answerable directly to the CEO and the board for keeping one of the planet's largest banks out of the headlines. He had the money, the people, the threat feeds. And from that vantage point he saw something most executives never get to: how thin the defenses were everywhere else.
"The amount of money that we could spend at Morgan Stanley was not typical of the banking industry or any industry," he has said. That gap - between what a global bank could afford and what an ordinary company could - became the founding thesis of his next act.
So in 2017, at a point in life when many of his peers were collecting board seats and slowing down, Rosenthal started over. He co-founded BlueVoyant, a cybersecurity company built on a deceptively simple proposition: bring bank-grade defense to organizations that could never build it alone. Nine years later it spans New York, London, Budapest, Bogota, and Singapore - five cities, five continents - with more than 650 people and over $695 million raised.
Rosenthal frames BlueVoyant's mission around two things he cares about passionately. The first is internal: "Most companies didn't have the financial or people resources to defend themselves well on the cyber front." He wanted, in his words, to build "a company that could help every company that needed help running their internal security systems do it well."
The second is the part most executives discover too late. "Even those that were relatively well defended had a problem with external defence, particularly with their suppliers." Your weakest link is rarely you - it is the vendor three steps down your supply chain who has the keys to your data and none of your budget. BlueVoyant turned that insight into a product line: monitoring not just a client's own systems, but the sprawling web of third parties around them.
It is a strangely humble idea for a man with his resume. Most of cybersecurity sells fear. Rosenthal sells the unglamorous middle: the managed detection, the supply-chain scanning, the quiet work of catching a new attack quickly and raising defenses before it spreads.
Ask him to predict the future and he refuses the easy headline. "You can predict that the number of attacks will go up every year," he says. "It's not possible to exactly predict what the attack will be." The job, then, is not prophecy. "What it is possible to do is to very quickly identify new attacks and raise defences against them."
Artificial intelligence has sharpened the stakes on both sides of the line. "Machine learning and AI enabled attackers to do on a mass basis what they previously had to do on a customized basis," he notes. Spear-phishing, once a handcrafted exercise, became industrial. BlueVoyant's answer is symmetric: "We encounter AI on the offensive side, and we use it on the defensive side." The attack surface has "expanded dramatically over the last couple of years," and the company's bet is that rapid, AI-assisted defense can keep pace with cheap, AI-assisted offense.
He is clear-eyed about what good defense actually buys you. Not invincibility. "You have to be prepared for a world in which very good defence will cut off attacks pretty early, but they will succeed in some instances." Resilience, not perfection, is the target.
In May 2026, after nearly a decade in the chief executive's chair, Rosenthal handed the title to John Hernandez - a veteran of Quest Software, Genesys, Salesforce, IBM, and Cisco - brought in to accelerate the company's AI-driven platform and global growth. Rosenthal did not walk away. He became Chairman of the Board, the founder still steering the institution he built, now from one seat over. Tom Glocer, the prior chairman, shifted to vice-chairman.
It is a quietly characteristic move. The man who spent his Morgan Stanley years preparing the financial system for the day defenses fail - he co-chairs Sheltered Harbor, effectively a doomsday backup plan for the U.S. banking system - treats his own succession the same way. Build the thing to outlast the founder. Then step back and let it.
I wanted to found a company that could help every company that needed help running their internal security systems do it well.
Even those that were relatively well defended had a problem with external defence, particularly with their suppliers.
Machine learning and AI enabled attackers to do on a mass basis what they previously had to do on a customized basis.
We encounter AI on the offensive side, and we use it on the defensive side.
You can predict that the number of attacks will go up every year. It's not possible to exactly predict what the attack will be.
You have to be prepared for a world in which very good defence will cut off attacks pretty early, but they will succeed in some instances.
He has a Yale BA and a Harvard Law JD, and built his name in cybersecurity rather than the courtroom.
His pre-founder career is a finance greatest-hits reel: McKinsey, then Lehman Brothers, then Morgan Stanley.
He co-chairs Sheltered Harbor - essentially a doomsday backup plan for the U.S. financial system.
BlueVoyant's footprint runs New York, London, Budapest, Bogota, and Singapore. Five offices, five continents.