Santiago Rosenblatt broke into PayPal and NBA League Pass at age six, found a marketplace glitch at fourteen that let him buy electronics for the price of shipping, then turned that curiosity into a career defending banks and fintechs. Today he is Founder and CEO of Strike, an AI-led continuous pentesting platform that compresses vulnerability detection from months to hours, protects 120+ companies across 20+ countries, and raised a $13.5M Series A to expand across the U.S. and Brazil.
Cobalt is the pioneer of Pentest as a Service (PtaaS), pairing a curated community of vetted offensive-security experts (the Cobalt Core) with a SaaS platform that turns penetration testing from a months-long procurement exercise into an on-demand, continuous program. Founded in 2013, the company now serves 1,500+ customers and is leaning hard into AI-augmented offensive security.
Sonali Shah is the CEO of Cobalt, the leading Pentest as a Service (PtaaS) platform, where she took the helm in August 2024 after serving on its board. A product visionary and operator with 20+ years in cybersecurity, she pioneered the first cybersecurity risk rating platform at Bitsight, helped shepherd Veracode through its $950 million sale to Thoma Bravo, and drove Invicti's $625 million acquisition before stepping up to run Cobalt. Educated at Wharton (MBA) and the London School of Economics (MS Economics), she brings a rare mix of Wall Street discipline and deep security product expertise to a company at the intersection of human-led and AI-powered offensive security.
Gadi Bashvitz is the Co-founder and CEO of Bright Security (formerly NeuraLegion), a San Rafael-based developer-centric Dynamic Application Security Testing (DAST) platform. A veteran of the Israeli Defense Forces' elite Unit 8200, he brings 25+ years of cybersecurity, product, and go-to-market experience to his mission of making application security accessible to every developer. Under his leadership, Bright Security raised a $20M Series A in 2022 and launched the Bright STAR autonomous security testing and remediation platform at RSA Conference 2025, achieving approximately 85% auto-remediation rates for its customers.
Rick Fitz is the Chief Executive Officer and Chairman of the Board at Contrast Security, the application security company behind the 'Shift Smart' approach to securing software from within. A 25-year enterprise software veteran, Fitz came to the role in April 2023 after six-plus years as SVP and General Manager of Splunk's IT Operations and Application Development Market Group, where he steered the company through landmark acquisitions including SignalFX. At Contrast, he leads a 240-person company with $274M in total funding as it works to redefine how developers and security teams find and fix vulnerabilities at runtime - inside applications as they run, rather than scanning from the outside.
Isaac Evans is the Founder and CEO of Semgrep, the developer-first application security platform that has redefined how modern engineering teams handle code security. An MIT-trained computer scientist with a background in U.S. Department of Defense security research, Evans co-founded Semgrep in 2017 with college roommates Drew Dennison and Luke O'Malley. Under his leadership, Semgrep grew from a niche static analysis tool into a platform scanning 75+ million code repositories annually, serving customers like Figma, Dropbox, Slack, and Snowflake. In February 2025, the company closed a $100M Series D led by Menlo Ventures, bringing total funding to $193M. Evans's core thesis - that security must serve developers, not obstruct them - has made Semgrep a defining force in the AppSec category.
Derek Fisher is a cybersecurity leader, award-winning author, and university instructor who has spent nearly three decades bridging the worlds of hardware engineering, software development, and application security. As VP of Application Security at Envestnet, he leads product security for a global fintech firm. He wrote the 'Application Security Program Handbook' (Manning Publishing), authored the 'Alicia Connected' children's book series on digital safety, teaches application security at Temple University, and runs the Securely Built newsletter - making complex security concepts accessible to engineers and leaders alike.