Vol. I · Founder FilesAustin, TX

Russell Spitler

The co-founder and CEO of Nudge Security is quietly indexing every SaaS and AI app your employees signed up for without telling anybody. In November 2025, Cerberus Ventures decided that project was worth $22.5 million.

Russell Spitler, Co-Founder and CEO of Nudge Security
Russell SpitlerCo-Founder & CEO, Nudge Security · photographed for the record
$22.5MSeries A · 2025
~$39MTotal funding
~200Customers
3xARR growth · 2 yrs
The Story

The perimeter moved to a corporate credit card, and Russell Spitler noticed first

Russell Spitler runs a company called Nudge Security, out of Austin, Texas, that does something small and increasingly urgent. It watches which SaaS apps and AI tools your employees sign up for using their work email, catalogs those apps, flags the risky ones, and sends the employee a polite message suggesting a better choice. The polite message is the product. The company has raised about $39 million to make sure the polite message arrives at the right moment.

This is, on paper, a governance product. In practice, it is a bet that the security perimeter of a modern company is no longer a firewall or an endpoint or even a login page. It is a credit card statement. The finance team already knows this. Security is catching up. Spitler is selling the map.

He and his co-founder Jaime Blasco - Nudge's CTO, and a longtime collaborator from AlienVault - launched the company publicly in October 2022. Since then Nudge has doubled its team from around twenty to closer to fifty, tripled its ARR two years running, and signed roughly two hundred customers across finance, biotech, healthcare, and entertainment. In November 2025, Cerberus Ventures led a $22.5 million Series A, bringing Ballistic Ventures, Forgepoint Capital, and Squadra Ventures along. Morgan Mahlock, of Cerberus, joined the board.

The framing Spitler has settled on for the moment is that the difference between an AI app and a SaaS app has evaporated. Every SaaS tool has an AI feature. Every AI tool ships with SaaS-style integrations, OAuth grants, and non-human identities that read your calendar, your Drive, and your Slack. Governing "AI" in isolation is, in his telling, an accounting fiction. You have to govern the whole surface.

That surface is enormous, growing, and mostly invisible. This is why Nudge exists.

"The difference between AI apps and SaaS has all but disappeared."— Russell Spitler, on the Series A
Career

Four security categories, on the ground floor of each one

Before Nudge, Spitler spent about fifteen years learning what does and does not sell inside enterprise security. He started at Fortify Software, one of the companies that effectively invented the application security category - the market Gartner now measures in the tens of billions. He was in product. He watched a category get built from nothing.

He then moved to AlienVault, where he ran product management, product strategy, and eventually held the SVP of Product title. AlienVault's play was a full-stack detection and response product priced for the mass market. It worked. During Spitler's tenure the company crossed thousands of commercial customers and tens of thousands of open source users. In 2012, he and Jaime Blasco co-founded the Open Threat Exchange - OTX - which is now one of the largest open threat intelligence communities in the world, with somewhere north of 180,000 participants depending on which year's number you use.

In 2018 AT&T acquired AlienVault. Spitler stayed on as VP of Products and Strategy at AT&T Cybersecurity, one of the five largest managed security service providers on the planet at the time. Big org, big responsibility, big customer base. He left to build something small on purpose.

Nudge is the result. It is a company built by a two-time product operator who has watched what happens when security tooling scales past the point where humans can be reasoned with, and who has, apparently, concluded that the fix is behavioral.

The Product

Discovery, then a nudge - in that order

Nudge Security's technical premise is that you can identify almost every SaaS or AI app an employee has signed up for by watching the signup email land in the corporate mailbox. Every SaaS free trial sends a confirmation. Every OAuth grant leaves an audit trail. Every "You joined a workspace" notification is, from Nudge's point of view, telemetry.

From there the product builds a full SaaS inventory: which app, which employee, which integrations, which permissions, which OAuth grants, which non-human identities, which last-used date. Then it applies the behavioral layer. Instead of blocking the app - the old shadow-IT playbook, which does not work and has never worked - Nudge sends the employee a message. Sometimes it is a request to justify the tool. Sometimes it is a recommendation to switch to the sanctioned equivalent. Sometimes it is an offboarding reminder when the employee leaves.

The bet on behavior over blocking is not new in security research. It is new as a shipping enterprise product.

Category Presence
Fortifyappsec
AlienVaultMSSP/XDR
OTXthreat intel
AT&T Cyberproduct strat
NudgeSaaS+AI gov
In order to secure workforce AI use at scale, you need to consider the entire SaaS ecosystem, including all SaaS and AI tools, their integrations, and the non-human identities that connect them. Russell Spitler · Nudge Series A announcement, 2025
Style

A quiet operator, running a loud category

Spitler is not the type of founder who lives on the timeline. His public writing runs in Dark Reading, the AT&T Cybersecurity blog, and Forbes' Technology Council column - venues that are read by CISOs and no one else. His LinkedIn posts about Nudge tend to mention Jaime Blasco twice. The company's press quotes come with the ARR numbers attached but no chest-beating on top.

Everyone who has worked with him describes an operator: product-first, long-horizon, understated. This is the profile you want in the CEO of a security company. The category is full of people selling fear. Spitler is selling counts.

The Bet

Why shadow AI is the same problem, times ten

The pitch to Cerberus, roughly reconstructed from the funding announcement, is that generative AI has done to enterprise IT what free-trial SaaS did a decade earlier, except faster and with far more sensitive data flowing outbound. An employee who spins up a paid ChatGPT workspace on a company card is not, in Nudge's frame, doing something categorically new. She is doing shadow IT with better UX and a bigger blast radius.

The old response - policy the tool out of existence - fails on contact with the actual workforce. The new response, Spitler argues, is to discover the tool the moment it appears, understand the integrations it opens, and route the employee toward a sanctioned equivalent without turning security into the department of no.

If he is right, "SaaS security posture management" and "AI governance" are the same market, and the winner needs the discovery layer more than the policy layer. Nudge has spent three years building the discovery layer.

Fun facts
  • The schoolColby College, a small liberal-arts college in Waterville, Maine. BA, Computer Science.
  • The partnershipHe and Jaime Blasco have now co-founded two things together: the Open Threat Exchange, and Nudge Security.
  • The geographyNudge is headquartered in Austin. Spitler lists his personal base as New York.
  • The four categoriesFortify (appsec), OTX (threat intel), AlienVault/AT&T (MSSP-scale XDR), Nudge (SSPM/AI governance). Ground floor of each.
A Career, Serialized

The chronology

Early career
Product leadership at Fortify Software, an early appsec pioneer.
2010s
Joins AlienVault. Rises from VP of Product Management to SVP Product.
2012
Co-founds the Open Threat Exchange with Jaime Blasco. It becomes one of the largest open threat intel communities in the world.
2018
AT&T acquires AlienVault. Becomes VP of Products & Strategy at AT&T Cybersecurity.
2021
Co-founds Nudge Security with Blasco.
Oct 2022
Nudge Security launches publicly.
2023-2024
3x ARR growth for two consecutive years.
Nov 2025
Closes $22.5M Series A led by Cerberus Ventures.
FAQ

Common questions

Who is Russell Spitler?

He is the co-founder and CEO of Nudge Security, an Austin-based cybersecurity company focused on SaaS and AI governance.

What did he do before Nudge Security?

He was VP of Products and Strategy at AT&T Cybersecurity, and before the acquisition ran product at AlienVault, where he co-founded the Open Threat Exchange. Earlier, he led product at Fortify Software.

How much has Nudge Security raised?

About $39 million total, including a $22.5 million Series A led by Cerberus Ventures announced in November 2025.

Where did he go to college?

Colby College, in Waterville, Maine, where he earned a BA in Computer Science.

Who is his co-founder?

Jaime Blasco, Nudge Security's CTO and his former colleague at AlienVault and the Open Threat Exchange.

The Sources

Where to read more