BREAKING
Cobalt delivers 255,000 testing hours in 2025 Sonali Shah named CRN Women of the Year finalist 2025 Cobalt introduces AI-powered continuous pentesting at RSA 2026 12 critical vulnerabilities discovered per day under Shah's leadership Cobalt ranked #1 in 9 categories across 42 vendors on G2 #1 PTaaS platform - GigaOm Radar four consecutive years Cobalt delivers 255,000 testing hours in 2025 Sonali Shah named CRN Women of the Year finalist 2025 Cobalt introduces AI-powered continuous pentesting at RSA 2026 12 critical vulnerabilities discovered per day under Shah's leadership Cobalt ranked #1 in 9 categories across 42 vendors on G2 #1 PTaaS platform - GigaOm Radar four consecutive years
Cybersecurity Executive

Sonali
Shah

CEO  /  Cobalt  /  Boston, MA

Two decades. Three security companies reshaped. Billions in exits. Now running the offensive security platform that finds 12 critical vulnerabilities every single day.

20+
Years in Cybersecurity
$1.6B
Combined Exits (Veracode + Invicti)
1,400+
Enterprise Customers
Sonali Shah, CEO of Cobalt
CEO, Cobalt • Since Aug 2024
Profile

The Operator Who Walks Into Exits

There is a specific kind of person who shows up at a company, quietly rebuilds the product, helps engineer a nine-figure outcome, and then moves on to the next one. Sonali Shah has done it twice. First at Veracode - a $950 million sale to Thoma Bravo. Then at Invicti - a $625 million acquisition. Now she's running Cobalt as CEO, and nobody who's watched her track record is betting against a third.

She joined Cobalt's board in January 2024. Eight months later, she was named CEO. The board didn't have to look far - they'd been watching her think about the company's trajectory from the inside. That's not a coincidence. That's pattern recognition applied to people.

Cobalt is a Pentest as a Service company, which sounds niche until you realize that every enterprise with a digital surface area is a potential customer. The platform connects organizations to a vetted network of security researchers who perform penetration tests - simulated attacks designed to find vulnerabilities before actual attackers do. In 2025, Cobalt's pentesters uncovered an average of 12 critical vulnerabilities per day. Across the year: 255,000 testing hours. These are not abstract metrics. Each one represents a door that was locked before someone malicious tried the handle.

Shah's pitch is precise: traditional security testing runs on quarterly cycles. Threats don't. Her mandate is to make offensive security move at the speed of software development - continuous, AI-augmented, and deeply integrated into the development lifecycle rather than bolted on at the end.

At Bitsight, she built the product that became the industry's first cybersecurity risk rating platform - the equivalent of a credit score, but for how well companies manage their security posture. The category barely existed when she arrived. It's now a standard tool in board-level risk conversations. She didn't just contribute to that shift. She helped create the language for it.

Before Bitsight, there was a seven-year stretch at Verisign, then Syniverse, then Wall Street - a stint as an investment banker at Credit Suisse that she parlayed into a deep fluency with how companies get valued, sold, and rebuilt. The combination of financial architecture and product instinct is unusual. Most people develop one or the other. Shah developed both, and the resulting resume reads like a blueprint for how to turn security technology into durable business value.

Education

Wharton School, UPenn

MBA

London School of Economics

Master's in Economics

Career Stages
Credit Suisse
Banking
Verisign
7 yrs
Bitsight
Pioneered risk ratings
Veracode
$950M exit
Invicti
$625M exit
Cobalt
CEO 2024-
Tags
Cybersecurity PtaaS Product Leader CEO Offensive Security AI Security B2B SaaS Wharton LSE Bitsight Women in Tech
"Security leaders are operating in an environment where threats evolve faster than traditional testing models can keep up."
- Sonali Shah, CEO of Cobalt
By the Numbers

The Cobalt Scorecard Under Shah

255K
Testing Hours in 2025
Cobalt's strongest year on record
31K
Testing Days Delivered
2025 platform output
12
Critical Vulns / Day
Average discovered by Cobalt testers
88
G2 Badges in 2025
#1 in 9 categories across 42 vendors
7%+
Customer Growth
Mid-to-large enterprise momentum
4x
GigaOm Leader
PTaaS Radar - four consecutive years
Timeline

Career in Motion

Early Career
Investment banking at Credit Suisse on Wall Street. Learns how companies get valued and sold - knowledge she'll deploy decades later.
~2003-2010
Seven years at Verisign in product marketing. Builds foundational expertise at the intersection of digital identity and internet infrastructure.
~2010-2013
Product leadership at Syniverse. Continues building SaaS product muscle across a complex enterprise environment.
~2013-2016
Joins Bitsight. Pioneers the world's first cybersecurity risk rating platform - a category that becomes standard at board level globally.
~2016-2019
Product and marketing at Veracode. Transforms legacy app security technology. Plays a strategic role in the company's $950 million sale to Thoma Bravo (January 2019).
2019-2020
Chief Product Officer at Human Security. Develops product vision focused on bot and fraud prevention.
2020-2022
Chief Product Officer at Invicti Security. Drives modernization of web application and API testing. Contributes to $625 million acquisition by Summit Partners (October 2021).
January 2024
Joins Cobalt's Board of Directors - watching, shaping, and understanding the company from the inside.
August 28, 2024
Appointed CEO of Cobalt. The board's choice isn't a surprise to anyone watching.
2025
Leads Cobalt to its strongest year on record. Named finalist for CRN Women of the Year (CEO category). Scales platform to 88 G2 badges and #1 ranking in 9 penetration testing categories.
March 2026
Announces new AI capabilities for continuous pentesting at RSA Conference - merging human expertise with AI intelligence at speed and scale.
The Leader

Culture Is the Product Nobody Ships

Shah runs Cobalt from Boston, which is not incidental. The city is home to 826 Boston, a nonprofit focused on youth writing education, and Mass TLC, the Massachusetts Technology Leadership Council - both of which she serves on the board. The choice to anchor community involvement in the same city where she works suggests someone who doesn't separate professional identity from civic responsibility.

She's also on the board at Shibumi and advises ThreatX, while mentoring entrepreneurs through Springboard Enterprises and Astia. For someone running a company with 510 employees and 1,400+ enterprise customers, that's a significant volume of outside commitment. It speaks to a particular philosophy: that investing in the broader ecosystem isn't charity, it's infrastructure.

Her leadership framework centers on three pillars she talks about openly: a shared vision that's understood company-wide, not just in the executive suite; continuous communication that celebrates wins and processes failures in equal measure; and clear accountability structures that don't get blurry under pressure.

On culture: "It can be quickly destroyed despite taking considerable time to build." The observation is almost self-evident when stated that way, but Shah has lived through enough company scaling cycles to know it's not obvious in practice. The companies that break culture do it gradually - each small compromise barely noticeable until the whole thing has shifted.

Her stated North Star as a leader: "What we'll be 18 to 24 months out." Not the current quarter, not the next one. The horizon she optimizes for is roughly two years forward. That kind of long thinking is rare in high-growth tech, where quarterly pressure is relentless. It's also why she keeps winning at exits - you can't architect a $950 million outcome if you're only planning six months ahead.

When Morphic Therapeutic - where her husband Praveen Tipirneni was CEO - was acquired by Eli Lilly in July 2024, both Shah and Tipirneni were running major organizations at the same time. She became Cobalt's CEO the following month. Two CEOs, one household, both active in July-August 2024 at inflection points in their respective companies.

Her father, Dr. Navin C. Shah, co-founded the American Association of Physicians of Indian Origin (AAPI) - one of the largest medical associations in the United States. Growing up the daughter of someone who built an institution from scratch gives you a particular lens on what institution-building actually requires.

"Leaders can no longer treat resilience as a back-office function."
- Sonali Shah, writing in 2025
Achievements

The Track Record

In Her Own Words

Quotes

"My North Star is what we'll be 18 to 24 months out."

"Maintaining culture requires intentionality, especially as companies scale."

"It's about supercharging people to do more for customers."

"I see many brilliant founders unable to communicate their company's value."

"Cobalt combines human-led expertise, AI efficiency, and years of testing data to give organizations continuous insight into real-world risk."

"When I first read what Mythos was capable of, it was clear we've reached an inflection point sooner than expected."

Off the Record

Five Things You Might Not Know

She paints acrylics on multiple mediums in her spare time - a creative outlet that runs about as opposite to penetration testing as you can get.

Her favorite travel destinations: Costa Rica, South Africa, India, and Peru. Four continents' worth of wanderlust.

Self-described "Thronie" - a Game of Thrones superfan who made the natural progression to House of Dragons.

Her husband Praveen Tipirneni was CEO of Morphic Therapeutic when it was acquired by Eli Lilly in July 2024. She became Cobalt CEO a month later. Simultaneous corner-office season.

Her father Dr. Navin C. Shah co-founded the American Association of Physicians of Indian Origin (AAPI) - one of the US's largest medical associations. Institution-building runs in the family.

She went from Wall Street investment banker to cybersecurity product leader to CEO - a path that's as rare as the person who walked it.

Community & Boards

Beyond Cobalt

Shah treats board seats and advisory roles as active investments, not resume decoration. She serves on corporate boards, nonprofit boards, and as a mentor to emerging founders - a throughline of community investment that spans Boston nonprofits to global entrepreneur networks.

Shibumi
Board of Directors
ThreatX
Board Advisor
826 Boston
Board Member
Mass TLC
Board Member
Springboard
Mentor / Advisor
Astia
Mentor / Advisor
Hestia
Collaborator
GreenLight Fund
Collaborator

Share This Profile

Find Sonali Shah Online

Links & Profiles

Cobalt.io Company Website
Cobalt Team Page Official Bio
LinkedIn @sonalinshah
Twitter / X @cobalt_io
Cobalt Blog Articles by Sonali Shah
Cobalt on LinkedIn Company Profile