The operator who decided to price the risk nobody could measure
Jose Seara does not fit the standard cybersecurity founder mold. He is a naval and marine engineer who spent close to twenty years building physical infrastructure - cogeneration plants, wind projects, an entire renewable energy company - before he ever thought about writing risk models. Today he runs DeNexus, a Boston company that translates the abstract threat of a cyber attack into a number a chief financial officer can put in a budget.
That combination is the point. Seara came to cybersecurity from the buyer's chair, not the vendor's. As an energy operator responsible for facilities that ran on operational technology, he went looking for two things: a way to measure what a cyber attack on his plants would actually cost, and insurance to cover the exposure. He found neither. The tools built for corporate IT did not understand industrial control systems, and the insurance market had no credible way to price the risk.
So he turned the frustration into a company. DeNexus, which he founded in 2018, describes itself as the first end-to-end cyber risk management solution built specifically for the industrial sector. Rather than sell another detection tool, Seara assembled a mix of cybersecurity specialists, mathematicians, statisticians and data scientists to answer a financial question: if this factory, this power plant, this data center is attacked, how much money is on the line, and where should the next dollar of defense go?
From Madrid to the grid
The path started in Spain. Seara earned a master's in naval and marine engineering from the Universidad Politecnica de Madrid, then moved into energy - a founding partner at DeWind Co, a principal at PROYDECO Ingenieria y Servicios, a director at Proyectos de Cogeneracion. In 2006 an energy project carried him from Spain to San Francisco. What was meant to be a project became a chapter that lasted roughly seventeen years.
Over that span he served as President and CEO of NaturEner USA - now BHE Montana - and NaturEner Canada, building a renewable energy business with operations on both sides of the US-Canada border. He ran real assets in the real world, the kind of critical infrastructure that keeps lights on and machines running. That operating experience is the spine of everything DeNexus now does.
Seara likes to describe himself as having sat "on the other side of the table." He was the customer cybersecurity companies were trying to reach, and he knows exactly why their pitches fell flat. "I understand the pain of my customers because I have been one of them," he says - a line that doubles as the company's founding thesis.
Turning threats into financial metrics
The product is a platform called DeRISK. It ingests external threat intelligence and internal network data, runs both through customized risk models, and produces forecasts that get refreshed as new vulnerabilities surface. Instead of handing a security team a list of technical findings, it simulates attacks, estimates the financial damage, and ranks where mitigation spend will actually reduce exposure.
Seara frames industrial cyber attacks as low-probability, high-impact events - rare, but potentially catastrophic. "Think of a cyber attack compromising an entire country's electrical grid or disrupting a critical manufacturing process," he says. The traditional response to that fear is to spend more on tools and hope. He argues that is backwards. Quantify the risk first, then let the numbers drive the investment. It is the same discipline an insurer or a plant operator already lives by, applied to a domain that had been running on instinct.
His prediction for the field is blunt: risk-based cybersecurity will replace technology-driven cybersecurity. Boards and insurers, he believes, will increasingly demand a common financial language for cyber exposure, and the companies that can supply it will win.
People, trust and AI
For all the modeling, Seara is candid that the hardest problem is not technical. Clients share highly sensitive data drawn from their critical infrastructure facilities, and earning the right to hold that data is a matter of trust before it is a matter of math. He also keeps returning to a human truth learned from running actual operations: "The weakest cybersecurity link remains people." Resilience, in his telling, depends less on preventing every attack than on how quickly an organization can respond when one lands.
On artificial intelligence, he is measured rather than breathless. DeNexus uses machine learning to map vulnerabilities and streamline internal work, and Seara expects the models to grow sharper as the datasets deepen. He is equally clear that attackers are arming themselves with the same tools, which is precisely why defenders need a way to measure and prioritize instead of chasing every alert.
The company he has built reflects the borderless way he has always worked - data scientists and engineers across the United States, Spain and Switzerland, market teams close to customers in the US, Europe and the Middle East, and risk transfer tied to the UK and Bermuda. Backed by a $17.5 million Series A in 2024 and total funding near $32.85 million, DeNexus has extended its footprint across power generation, manufacturing, data centers and airports. For Seara, it is all one continuous story: an operator who could not buy the answer he needed, and decided to build it instead.