Ivan Novikov is the founder and CEO of Wallarm, an AI-powered API security platform that has raised over $70 million in funding including a $55M Series C in 2025. With 24+ years in cybersecurity, he is recognized as the inventor of memcached injection attacks and a pioneer of SSRF research, having earned bug bounty awards from Google, Facebook, Twitter, Tesla, and Yandex. A Y Combinator S16 alumnus with a physics background from Moscow State University, Novikov transformed hands-on offensive security expertise into a company protecting APIs for enterprises worldwide.
Wallarm is a San Francisco-based API and application security company protecting more than half of public-facing APIs at large enterprises with a unified platform for API discovery, attack prevention, and AI-era threat protection.
Stepan Ilyin is the Co-Founder and COO of Wallarm, a San Francisco-based API and application security company that raised $55M in Series C funding in 2025. A former whitehat hacker and Bauman Moscow State Technical University graduate, he co-founded Wallarm in 2013 alongside Ivan Novikov and others, with the company graduating from Y Combinator's S16 batch. Wallarm now protects Fortune 500 enterprises with AI-powered API security, real-time threat detection, and CI/CD-integrated vulnerability management. Ilyin has authored over 500 publications on DevSecOps, API security, and AI threat prevention, and is a recognized conference speaker at Black Hat, RSA, and similar venues.
Semgrep is a San Francisco application-security company that builds a unified AppSec platform (Code/SAST, Supply Chain/SCA, and Secrets) used by engineering teams at Dropbox, Figma, Snowflake and others. Born out of an open-source tool originally written at Facebook, it lets security teams write code-like rules and ship them through CI - cutting false positives and pushing fixes back to developers.
Gadi Bashvitz is the Co-founder and CEO of Bright Security (formerly NeuraLegion), a San Rafael-based developer-centric Dynamic Application Security Testing (DAST) platform. A veteran of the Israeli Defense Forces' elite Unit 8200, he brings 25+ years of cybersecurity, product, and go-to-market experience to his mission of making application security accessible to every developer. Under his leadership, Bright Security raised a $20M Series A in 2022 and launched the Bright STAR autonomous security testing and remediation platform at RSA Conference 2025, achieving approximately 85% auto-remediation rates for its customers.
Rick Fitz is the Chief Executive Officer and Chairman of the Board at Contrast Security, the application security company behind the 'Shift Smart' approach to securing software from within. A 25-year enterprise software veteran, Fitz came to the role in April 2023 after six-plus years as SVP and General Manager of Splunk's IT Operations and Application Development Market Group, where he steered the company through landmark acquisitions including SignalFX. At Contrast, he leads a 240-person company with $274M in total funding as it works to redefine how developers and security teams find and fix vulnerabilities at runtime - inside applications as they run, rather than scanning from the outside.
Sandeep Johri is the CEO of Checkmarx, the application security company headquartered in Paramus, New Jersey. A three-decade Silicon Valley operator, he previously built Tricentis from a small European startup into a global continuous-testing leader, ran HP's software acquisitions strategy, and founded identity-management pioneer Oblix, which Oracle bought for $150M.
Isaac Evans is the Founder and CEO of Semgrep, the developer-first application security platform that has redefined how modern engineering teams handle code security. An MIT-trained computer scientist with a background in U.S. Department of Defense security research, Evans co-founded Semgrep in 2017 with college roommates Drew Dennison and Luke O'Malley. Under his leadership, Semgrep grew from a niche static analysis tool into a platform scanning 75+ million code repositories annually, serving customers like Figma, Dropbox, Slack, and Snowflake. In February 2025, the company closed a $100M Series D led by Menlo Ventures, bringing total funding to $193M. Evans's core thesis - that security must serve developers, not obstruct them - has made Semgrep a defining force in the AppSec category.
ZeroPath is an AI-native application security platform that automatically finds and fixes software vulnerabilities. Founded in 2024 by four security and engineering veterans - including a former Google Security Engineer and a former Tesla Red Team engineer - ZeroPath replaces noisy legacy SAST tools with an LLM-powered engine that understands code semantics, verifies exploitability, and generates working patches. Within a year of launch, over 1,000 organizations trust ZeroPath to scan more than 200,000 codebases per month.
Chris Hughes is a U.S. Air Force veteran, co-founder and president of Aquia Inc., VP of Security Strategy at Zenity, and the founder of Resilient Cyber - a cybersecurity newsletter and podcast with 31,000+ subscribers. A three-time Wiley/Springer author, inaugural CISA Cyber Innovation Fellow, and adjunct professor at two universities, Hughes has become one of the most influential voices on software supply chain security, vulnerability management, and agentic AI security.
Derek Fisher is a cybersecurity leader, award-winning author, and university instructor who has spent nearly three decades bridging the worlds of hardware engineering, software development, and application security. As VP of Application Security at Envestnet, he leads product security for a global fintech firm. He wrote the 'Application Security Program Handbook' (Manning Publishing), authored the 'Alicia Connected' children's book series on digital safety, teaches application security at Temple University, and runs the Securely Built newsletter - making complex security concepts accessible to engineers and leaders alike.