GitLab is an AI-powered DevSecOps platform that brings the entire software development lifecycle - planning, source code management, CI/CD, security, and deployment - into a single application. Born as an open-source alternative to GitHub in 2011 and run as one of the world's largest all-remote companies, GitLab now serves enterprises and millions of developers, trades on Nasdaq under GTLB, and is pushing into agentic AI development with GitLab Duo.
JFrog is the company behind the universal software supply chain platform anchored by Artifactory, the binary repository that lets engineering teams store, secure, and ship every artifact - packages, containers, and now AI models - from a single source of truth. Founded in Israel in 2008 and headquartered in Sunnyvale, California, JFrog (NASDAQ: FROG) serves thousands of enterprises and crossed $531.8 million in revenue in 2025 while pushing its 'Liquid Software' vision of continuous, secure software flow.
Sonatype is the software supply chain management company behind Nexus Repository and the maintainer of Maven Central, the world's largest repository of open source Java components. Founded in 2008 by core contributors to Apache Maven, it helps developers and enterprises find, manage, and secure the open source code that powers modern software - blocking malicious packages, enforcing policy, and generating software bills of materials (SBOMs) across the development lifecycle.
Bhagwat Swaroop is the CEO of Sonatype, the software supply chain security company behind the Nexus platform and the world's largest repository of open source component intelligence. Appointed in July 2025, he brings nearly 30 years of cybersecurity and enterprise software leadership from Entrust, One Identity, Proofpoint, Symantec, NetApp, McKinsey, and Intel. Armed with an MBA from Wharton and an MS in Electrical Engineering from Arizona State, Swaroop is betting that developers - not perimeter firewalls - are the new front line of cybersecurity, and he's building Sonatype's AI-powered platform to prove it.
Shlomi Ben Haim is the co-founder, CEO and Chairman of JFrog, the Sunnyvale and Israel based company that built Artifactory and turned the unglamorous business of storing binaries into a Nasdaq listed platform for the software supply chain. A former Israeli Air Force major who spent twelve years in uniform before running AlphaCSP, he has led JFrog since 2008 with a slogan engineers actually quote back at him: liquid software, continuous updates, zero downtime.
Cobalt is the pioneer of Pentest as a Service (PtaaS), pairing a curated community of vetted offensive-security experts (the Cobalt Core) with a SaaS platform that turns penetration testing from a months-long procurement exercise into an on-demand, continuous program. Founded in 2013, the company now serves 1,500+ customers and is leaning hard into AI-augmented offensive security.
DuploCloud is a San Jose-based DevOps automation platform that turns plain-English application requirements into production-ready, compliance-aware cloud infrastructure across AWS, Azure and GCP. Founded by ex-Microsoft Azure engineer Venkat Thiruvengadam, it aims to give Main Street IT the hyperscale automation patterns once locked inside Big Tech.
Ev Kontsevoy is the co-founder and CEO of Teleport, a cybersecurity company building the identity-native infrastructure access platform trusted by organizations like Samsung, NASDAQ, and IBM. A serial entrepreneur who grew up in Siberia and studied applied mathematics, he previously co-founded Mailgun (acquired by Rackspace in 2012) before starting Teleport in 2015 to eliminate the fragmented, secrets-based approach to infrastructure security. Under his leadership, Teleport reached a $1.1B valuation with its $110M Series C, and he authored an O'Reilly book on identity-native infrastructure access management. He is now focused on defining agentic identity frameworks for the era of AI-driven enterprise infrastructure.
Ivan Novikov is the founder and CEO of Wallarm, an AI-powered API security platform that has raised over $70 million in funding including a $55M Series C in 2025. With 24+ years in cybersecurity, he is recognized as the inventor of memcached injection attacks and a pioneer of SSRF research, having earned bug bounty awards from Google, Facebook, Twitter, Tesla, and Yandex. A Y Combinator S16 alumnus with a physics background from Moscow State University, Novikov transformed hands-on offensive security expertise into a company protecting APIs for enterprises worldwide.
Jeyappragash 'JJ' Jeyakeerthi is the co-founder and CTO of Tetrate, the company that made Istio enterprise-ready and brought FIPS-verified service mesh to regulated industries including the US federal government. An IIT Madras graduate who once ran Twitter's Cloud Infrastructure, JJ co-founded Tetrate in 2018 with Varun Talwar to secure the cloud-native stack from edge to datacenter - building one of the most technically credible teams in the service mesh ecosystem, trusted by the US Air Force and some of the world's largest enterprises.
Mehran Farimani is the co-founder and CEO of RapidFort, a Sunnyvale-based software supply chain security company that raised a $42M Series A in February 2026. A 25-year technology veteran, Mehran previously led the Fiery division at Electronics for Imaging (EFI) as SVP & GM, then founded Percipo—a computer vision AI company whose technology reached 40,000+ retail locations. At RapidFort, he is pioneering the category of Software Attack Surface Management (SASM), helping organizations automatically harden container images and eliminate up to 80% of CVEs through runtime-aware profiling, without touching a single line of application code.
RapidFort is a Sunnyvale-based software supply chain security company that automatically hardens container images, strips unused components, and ships a library of curated near-zero-CVE images so engineering teams can ship secure software without rewriting it.
Teleport is the infrastructure identity company. Its open-source Access Platform replaces shared secrets, VPNs, and long-lived credentials with short-lived cryptographic identities for humans, machines, and AI agents accessing servers, Kubernetes clusters, databases, applications, and Windows desktops.
Tetrate is the application networking and security company founded by the creators of Istio and Envoy. It sells enterprise-grade service mesh, zero-trust connectivity, and - more recently - an AI gateway and agent router that lets enterprises run, route, govern and pay for traffic across many large language models from a single control plane.
Tigera is the creator of Calico, the open-source standard for Kubernetes networking and security that powers more than a million clusters every day. From its San Jose headquarters, the company sells Calico Cloud and Calico Enterprise - SaaS and on-prem platforms that bolt active runtime security, zero-trust microsegmentation, and observability onto container environments at any scale.
Upwind is a runtime-first Cloud Native Application Protection Platform (CNAPP) that unifies cloud and AI security across the full lifecycle. Founded in 2022 by the team behind Spot.io, the company uses eBPF-based runtime telemetry to give security teams real-time context on what's actually exploitable in production - cutting noise, surfacing real threats, and protecting cloud-native and AI workloads at the speed they run.
Wallarm is a San Francisco-based API and application security company protecting more than half of public-facing APIs at large enterprises with a unified platform for API discovery, attack prevention, and AI-era threat protection.
Stepan Ilyin is the Co-Founder and COO of Wallarm, a San Francisco-based API and application security company that raised $55M in Series C funding in 2025. A former whitehat hacker and Bauman Moscow State Technical University graduate, he co-founded Wallarm in 2013 alongside Ivan Novikov and others, with the company graduating from Y Combinator's S16 batch. Wallarm now protects Fortune 500 enterprises with AI-powered API security, real-time threat detection, and CI/CD-integrated vulnerability management. Ilyin has authored over 500 publications on DevSecOps, API security, and AI threat prevention, and is a recognized conference speaker at Black Hat, RSA, and similar venues.
Tenry Fu is the CEO and Co-Founder of Spectro Cloud, the enterprise Kubernetes management platform trusted by the U.S. Air Force, U.S. Navy, GE HealthCare, T-Mobile, and Nokia. A serial entrepreneur with 20+ years in system software, Fu previously co-founded CliQr Technologies - which Cisco acquired for $260M in 2016 - before returning with his same co-founders to tackle the next hard problem: making Kubernetes manageable across any environment at any scale. Spectro Cloud has raised $142.5M in total funding, including a $75M Series C led by Goldman Sachs, and holds a post-money valuation of $750M.
Varun Talwar is the co-founder and CTO of Tetrate, the enterprise service mesh company built on Istio and Envoy. Before Tetrate, he was the founding product manager for both gRPC and Istio at Google — two open-source projects now embedded in the plumbing of the modern internet. He helped stream Felix Baumgartner's 2012 space jump to 8% of all internet traffic, then spent a decade building the connectivity layer that would make that kind of scale routine. Today Tetrate has raised $52.5M and is redefining how AI agents talk to each other securely in production.
Venkat Thiruvengadam is the founder and CEO of DuploCloud, a no-code/low-code DevSecOps platform headquartered in San Jose, California. A founding member of Microsoft Azure's networking team, he wrote core parts of Azure's compute and network controller stack before building DuploCloud to bring hyperscale cloud automation - previously available only to giants like AWS and Microsoft - to mainstream enterprises. Under his leadership, DuploCloud has raised $52M in total funding (including a $32M Series B in 2023), grown ARR by 700% since 2021, and serves 100+ customers across healthcare, fintech, and enterprise software.
Dana Oshiro is General Partner at Heavybit, San Francisco's specialist fund for developer-first and cloud infrastructure startups. She joined in 2014 as the firm's original Operating Partner and has since helped launch 60+ developer products, led early positioning for companies like Snyk, LaunchDarkly, Netlify, CircleCI, and PagerDuty, and co-founded the DevGuild conference series. Before tech, she worked in public health and political strategy in Canada, including campaigns to establish North America's first safe injection site. Her investment sweet spot is $1.5M at pre-seed to Series A, backing technical founders building category-defining enterprise infrastructure.
Semgrep is a San Francisco application-security company that builds a unified AppSec platform (Code/SAST, Supply Chain/SCA, and Secrets) used by engineering teams at Dropbox, Figma, Snowflake and others. Born out of an open-source tool originally written at Facebook, it lets security teams write code-like rules and ship them through CI - cutting false positives and pushing fixes back to developers.
Jesse Robbins is General Partner at Heavybit, the San Francisco-based venture firm focused exclusively on developer-first companies. He co-founded Chef (sold to Progress Software for $200M+), invented GameDay chaos engineering at Amazon where he held the title 'Master of Disaster', and co-created the O'Reilly Velocity Conference that seeded the global DevOps movement. A former volunteer firefighter and EMT, he brings a crisis-responder's instincts to early-stage investing, backing companies like Snyk, PagerDuty, Fastly, LaunchDarkly, and Tailscale. His portfolio spans 60+ companies with five IPOs.
Gadi Bashvitz is the Co-founder and CEO of Bright Security (formerly NeuraLegion), a San Rafael-based developer-centric Dynamic Application Security Testing (DAST) platform. A veteran of the Israeli Defense Forces' elite Unit 8200, he brings 25+ years of cybersecurity, product, and go-to-market experience to his mission of making application security accessible to every developer. Under his leadership, Bright Security raised a $20M Series A in 2022 and launched the Bright STAR autonomous security testing and remediation platform at RSA Conference 2025, achieving approximately 85% auto-remediation rates for its customers.
Henry Poole is the co-founder and CEO of CivicActions, a professional services firm that has spent over two decades modernizing government digital services through open source software, agile methodologies, and human-centered design. A serial entrepreneur and open source visionary, Poole co-founded one of the first digital agencies (Vivid Studios) in 1993, published the landmark Affero General Public License (AGPLv1) in 2002 to close the 'ASP loophole' in open source licensing, and serves on the board of the Free Software Foundation. Under his leadership, CivicActions has become a trusted partner to major federal agencies including CMS, NSF, VA, and HHS, championing the principle that software built with public funds should be publicly owned.
Ram Naresh is the CEO and co-founder of Brillius Technologies, a Pleasanton, California-based IT services company he built from zero to $30 million in annual revenue over a decade. Starting as Formac Inc. in 2014, he steered the company through early-stage grind - 100-hour work weeks in the first five years - to become an Inc. 5000 honoree and a trusted DevOps and cloud transformation partner for Fortune 100 clients including Amazon, Apple, Verizon, CVS Health, and Kaiser Permanente. A former HP executive turned entrepreneur, he is now eyeing a doubling of revenue twice over the next ten years while expanding into AI, Canada, and Mexico.
Rick Fitz is the Chief Executive Officer and Chairman of the Board at Contrast Security, the application security company behind the 'Shift Smart' approach to securing software from within. A 25-year enterprise software veteran, Fitz came to the role in April 2023 after six-plus years as SVP and General Manager of Splunk's IT Operations and Application Development Market Group, where he steered the company through landmark acquisitions including SignalFX. At Contrast, he leads a 240-person company with $274M in total funding as it works to redefine how developers and security teams find and fix vulnerabilities at runtime - inside applications as they run, rather than scanning from the outside.
Rosalba Reynoso is the co-founder and CEO of Blue Trail Software, a San Francisco-based benefit corporation delivering custom software, AI/ML, IoT, and QA solutions for enterprises and scale-ups across the Americas and Europe. Coming from a human resources background rather than a technical one, she built a nearshore Pan-American IT company with teams across Mexico, Argentina, Uruguay, and Spain, serving Fortune 100 clients including Samsung, Cartier, Hewlett Packard, and Logitech. A proud Latina leading a women-founded and women-led firm, Reynoso champions diversity and inclusion, stakeholder empowerment, and social impact - from funding coding bootcamps for women in Mexico to creating the My Luna menopause-tracking app.
Sandeep Johri is the CEO of Checkmarx, the application security company headquartered in Paramus, New Jersey. A three-decade Silicon Valley operator, he previously built Tricentis from a small European startup into a global continuous-testing leader, ran HP's software acquisitions strategy, and founded identity-management pioneer Oblix, which Oracle bought for $150M.