Jasson Casey runs Beyond Identity from New York, where the company sells something deceptively simple: a way to log in that can't be phished, stolen, or faked. As CEO and cofounder, he has spent the last stretch of his career arguing that the security industry has been treating a symptom. Weak passwords, careless clicks, reused credentials - those are the things everyone tries to patch. Casey's claim is that the real disease sits one layer down, in the identity systems themselves.
"Identity system flaws are the root cause of modern security breaches," he says. It is the kind of line that sounds like marketing until you follow the logic. If an attacker can convincingly pretend to be a trusted employee, no amount of training or filtering fully closes the gap. So Beyond Identity's answer is to make the credential itself unstealable - binding a person's identity to a specific device, backed by hardware, so there is no shared secret to phish and no password to leak.
That approach is having a moment, because artificial intelligence has made impersonation cheap. Deepfaked voices and faces now show up in the same meetings and help-desk calls that companies rely on to verify people. Casey's read on that is blunt and, for a security executive, unusually calm.
"You're not going to reduce the rate of deepfakes. In fact, we're going to see that skyrocket. What you're going to do is figure out how to establish assurance that who I'm communicating with, or the data I'm consuming, is legitimate."
Jasson CaseyThe reframe matters. Most of the market wants to build better fake-detectors - software that studies a video and guesses whether it is real. Casey thinks that is a losing arms race. Detection is always chasing the latest generation of forgery. Proof of authenticity, by contrast, runs the other direction: instead of asking "is this fake?", it asks "can this person cryptographically prove they are who they say, on a device I already trust?" If the answer is no, it doesn't matter how good the deepfake looks.
An engineer's route to the corner office
Casey did not arrive at security through the boardroom. He arrived through the plumbing. He earned a bachelor's degree in electrical engineering from the University of Texas at Austin and a PhD from Texas A&M University, completed in 2019, with research in formal methods and systems security backed by the National Science Foundation and the Air Force Research Laboratory. Straddling both UT and A&M - the two great rivals of Texas engineering - is a small biographical joke that fits a career spent refusing easy camps.
Before Beyond Identity, he built things. He founded and ran Flowgrammable and Compiled Networks, ventures rooted in software-defined networking, and sat on the Software Leadership Council at the Open Networking Foundation. He held engineering and product roles across carriers and vendors, helping define technologies in carrier VoIP security and wireless mobility. He became a recognized voice in SDN before most of the industry knew what to do with it.
Then came the security names. He ran the engineering department at IronNet Cybersecurity, the startup founded by retired NSA director General Keith Alexander, overseeing its collective-intelligence platform and later advising the company. In 2016 he became SVP of Engineering and Chief Technology Officer at SecurityScorecard, the risk-ratings firm. Along the way he served as a cybersecurity fellow at the Center for Strategic and International Studies and a visiting fellow at George Mason University's National Security Institute - the policy end of a career that mostly lived in code.
"If I have device-bound, hardware-backed identity, I always know I'm talking to this person on this device with these security controls."
On why credentials should live in hardwareThe fork in the passwordless road
"Passwordless" is one of the most abused words in enterprise security, and Casey knows it. Plenty of vendors sell it as a convenience upgrade - a smoother login that happens to skip the password box. He insists buyers stop and choose which problem they are actually solving.
"If you're going on the passwordless journey, there's a fork in the road," he says. "Are you looking for passwordless for ease of use? Or passwordless for security and ease of use?" It is a pointed question, because a lot of passwordless products deliver the first without the second. A magic link or a one-time code is easier than a password, but it can still be intercepted, relayed, or socially engineered. Casey's version aims at both: an experience that is frictionless and, underneath, genuinely resistant to attack.
That underpinning is the device-bound passkey. Rather than storing a secret that could be copied, Beyond Identity's model keeps a private key locked inside the device's hardware. Authentication becomes a cryptographic handshake tied to a specific machine with a known security posture. "Cryptographically binding authentication to the device stops phishing, AI deepfakes, and credential theft at the source," Casey says. There is no password to steal because there is no password at all.
From CTO to the top job
Casey's climb inside Beyond Identity followed the engineering path rather than the sales one. He joined as Chief Technology Officer, stepped in as interim CEO in 2023, and then took the permanent chief executive role. It is a less common route to the top of a venture-backed company, where the CEO chair is often filled from the commercial side, and it shapes how he talks about the business - in terms of architecture and root cause rather than pipeline and positioning.
The strategy is now visibly widening beyond login. In March 2025, Beyond Identity announced a partnership with Nametag to fold identity-verification technology into its platform under a "Deepfake Defense" banner - a direct response to the impersonation threats Casey keeps returning to in interviews. Through 2025 he made the rounds on cybersecurity podcasts with a consistent message: in the age of AI, the goal is to make identity-based attacks not merely harder but effectively impossible.
Whether the whole industry follows his device-bound gospel is an open question. But the argument is coherent, and it comes from someone who has spent two decades in the wiring beneath it. Casey's bet is that the login box - one of the oldest, most familiar rituals of computing - was quietly the weakest link all along, and that fixing it properly means rebuilding it from the hardware up.