Vinnie Liu, CEO and Co-Founder of Bishop Fox
Offensive Security

VinnieLiu

THE HACKER WHO BUILT AN EMPIRE

"The problems are bigger but the team we've built at Bishop Fox to tackle those problems is what I'm most proud of."

CEO & Co-Founder Bishop Fox CISSP
$175M
Funding Raised
20yr+
In Infosec
26%
Fortune 100
20K+ Projects Completed
390 Employees
97% Client Retention
86 Net Promoter Score

The Origin Story

Grew Up on IRC.
Works at the NSA. Then Everything.

Before Bishop Fox had a single invoice, before the pitch decks and the term sheets and the 390-person team, there was a teenager in Kentucky reading Phrack on IRC and learning to think like an attacker. Vinnie Liu did not stumble into cybersecurity. He was recruited - literally - through the channels where the early hacker scene lived.

Liu found out about an NSA program through his IRC connections - a path for high school graduates with an aptitude for cryptology, mathematics, or computer science. At 17, he became a full-time NSA analyst while simultaneously attending college, splitting his time between Langley-adjacent intelligence work and the University of Pennsylvania campus. He describes feeling like "the lowest guy on the totem pole" among people who were, in his words, exceptionally talented.

After Penn (Class of 2001, Pi Kappa Alpha), Liu moved through the private sector the way someone does when they already know what they're after: Ernst & Young Advanced Security Centers, then Honeywell International, where he led the Global Security unit's Attack & Penetration team. At Honeywell, he met Francis Brown. The two spent their off-hours moonlighting on penetration tests for Fortune 100 clients.

In Q3 2005, Liu and Brown decided the moonlighting was the point. Bishop Fox was born - not in a garage but in a living room in Arizona, as a side hustle that became something else entirely.

Quick Profile

Full Name Vincent Liu
Title CEO & Co-Founder
Company Bishop Fox
Education Univ. of Pennsylvania, '01
Location San Francisco, CA
Certification CISSP

Advisory Roles

AppOmni Advisor
Elevate Security Advisor
Mod N Labs Advisor
UAT Advisory Board
PLI Returning Faculty

Field Notes

  • Started at NSA at 17 through an IRC connection
  • Discovered Phrack in high school - a defining moment
  • Pi Kappa Alpha, Penn class of 2001
  • Grew up in Kentucky; childhood hunting in Louisiana
  • Co-authored 7 cybersecurity books
There were years when we didn't pay ourselves... we drove around this beater, a faded purple 1993 Toyota Corolla where everything was manual but the transmission.
- Vinnie Liu, on bootstrapping Bishop Fox

The Build

13 Years. No Outside Money.
A Faded Purple Corolla.

Bishop Fox ran bootstrapped for thirteen years. By the standards of the current startup era, this is nearly unthinkable. No angels, no seed rounds, no quarterly board decks. Liu and Brown grew from three employees to a $20M annual revenue business serving a quarter of the Fortune 100 - on customer payments alone.

The company had gaps that venture money might have papered over earlier. "We didn't even have annual budgets," Liu has said. "The biggest issue that our customers had with us is that we would send them invoices late." The culture was technical excellence first, operational precision when they got around to it. Sometimes Liu and Brown didn't draw salaries. The faded purple '93 Toyota Corolla - everything manual but the transmission - became something of a totem for those years.

What they built despite those gaps, or maybe because of them, was a firm whose reputation was bulletproof. The world's best offensive security practitioners wanted to work there. Clients who hired them once hired them again at a 97% retention rate. NPS scores hit 86 - not a typical consulting firm number. When Liu eventually went to raise capital in 2019, investors didn't have to be sold on the quality of the work.

The $25M Series A from Forgepoint Capital wasn't about survival. It was about scale - specifically, about building the platform Liu had been imagining for years. "We could build an Iron Man suit for our testers and do it at scale," he told investors. That suit became Cosmos.

~1997
Joins NSA at 17 through IRC-era recruitment while attending college
2001
Graduates University of Pennsylvania (Pi Kappa Alpha, Beta Pi)
2001-2003
Security Consultant, Ernst & Young Advanced Security Centers
2003-2005
Leads Attack & Penetration team, Honeywell International Global Security
2005
Co-founds Bishop Fox with Francis Brown as side project; goes full-time Feb 2006
2005-2019
13 years bootstrapped; grows to $20M revenue, 25% Fortune 100 clients
2019
Raises $25M Series A from Forgepoint Capital
2020
Launches Cosmos - continuous attack surface management platform
2021
Triples ARR; record customer growth
2022
Raises $129M total Series B (Carrick Capital + WestCap)
2024
Cosmos earns 3rd consecutive GigaOm Radar leadership position; ~60% ARR growth
2026
Launches Cosmos AI - AI-augmented penetration testing at enterprise scale

The Platform

Cosmos: An Iron Man Suit
for Elite Hackers

What It Does
Continuous Attack Surface Management
Finds and tests vulnerabilities before attackers do - at scale and in real time
Recognition
3x GigaOm Radar Leader
Three consecutive years as a strong leader in Attack Surface Management - plus Fast Mover classification (2024)
The Cosmos AI Edge
Human + Machine Synthesis
2026: Launched Cosmos AI, combining elite pen testers with proprietary AI for speed at scale

"Unlike other approaches that just deliver generic reports and guidance, Cosmos provides actionable findings with live access to testers, so security teams can ask questions and dig into details."

- Vinnie Liu on Cosmos

In His Own Words

What Vinnie Liu Actually Says

"The work we do for the foreseeable future will be a combination of human and machine."

On AI in offensive security

"AI is changing what's possible in offensive security, but the most value is realized when it's guided by experts that understand how real attackers operate."

On launching Cosmos AI, 2026

"The problems are bigger but the team we've built at Bishop Fox to tackle those problems is what I'm most proud of."

On scaling from startup to enterprise

"Surround yourself with really good people... It makes a huge difference when you can do it with people that you really enjoy being around."

Advice to founders

"Cosmos has been a game changer in augmenting and amplifying what represents one of the industry's largest and deepest offensive security teams."

On the Cosmos platform

"There were years when we didn't pay ourselves... we drove around this beater, a faded purple 1993 Toyota Corolla where everything was manual but the transmission."

On bootstrapping Bishop Fox

Published Works

Seven Books. Hundreds of
Vulnerabilities Found.

Long before the speaking circuit, Liu was in the stacks - co-authoring books that became standard references in the offensive security field. The Hacking Exposed series was exactly what the title implied: methodical, practitioner-level guides to understanding how attackers think, written by people who were actually doing the attacking.

Liu has contributed to seven books in total, including Hacking Exposed Wireless and Hacking Exposed Web Applications. He continues as a contributing columnist at Dark Reading, and has presented at Microsoft BlueHat, Black Hat, and DEF CON.

📚
Hacking Exposed Wireless
Co-Author - McGraw-Hill
📚
Hacking Exposed Web Applications
Co-Author - McGraw-Hill
📚
5 Additional Co-Authored Security Books
Various publishers - cybersecurity practitioner series

Speaking & Media

Conference Appearances

Black Hat Speaker
DEF CON Featured / Speaker
Microsoft BlueHat Presenter
RSA Conference Expert / Speaker

Media Coverage

NPR Cited / Interviewed
Al Jazeera Cited / Interviewed
The Information Cited / Interviewed
Dark Reading Contributing Columnist
SecurityWeek Contributor
Computer Weekly Featured Interview

The Present Tense

Bishop Fox in 2026

The company Liu runs today barely resembles the Arizona living room operation from 2005 - except in the places that matter. The culture still centers on what he called, from the beginning, "technical excellence and over-the-top service delivery." The clients are bigger, the stakes higher, the team larger. But the 97% retention rate suggests that something from those early years is still intact.

Bishop Fox now operates across Phoenix, Atlanta, San Francisco, New York City, and Barcelona. It serves 1,000+ customers including Amazon, Google, Equifax, Zoom, and John Deere - plus half of the Fortune 10. The Cosmos platform completed 20,000+ projects in six years and earned its third consecutive GigaOm Radar leadership ranking in 2024.

In February 2026, Liu launched Cosmos AI - not a rebrand, but a genuine evolution. The premise is the same one he has held since the Corolla days: the best security work happens at the intersection of human expertise and systematic process. AI changes the scale at which that work can happen. The fundamentals - hire the best hackers, focus obsessively on what clients need, build tools that amplify rather than replace judgment - stay the same.

Clients Served
1,000+
Including Amazon, Google, Equifax, Zoom & John Deere
Total Funding
$175M
Series A (2019) + Series B (2022)
Team Size
~390
From 3 founders to 390 cybersecurity professionals
"AI is changing what's possible in offensive security, but the most value is realized when it's guided by experts that understand how real attackers operate."
- Vinnie Liu, 2026 - on launching Cosmos AI

Watch & Listen

Vinnie Liu On Camera

Vinnie Liu: A Life in the Offensive Security Trenches
Security Conversations Podcast - YouTube
From Bootstrapped to Venture-Backed with Vinnie Liu
The Forgecast - Forgepoint Capital - YouTube
Bishop Fox Live at DEF CON 30 featuring Vinnie Liu
Bishop Fox - DEF CON 30 Interview

The Details

Things You Didn't Know
About Vinnie Liu

17
Age at NSA

Liu became a full-time NSA analyst at 17 through a recruitment program he found via IRC - the early internet hacker community's meeting place.

13
Years Bootstrapped

Bishop Fox ran for 13 years without outside investment - building to $20M revenue and 25% Fortune 100 market share on client payments alone.

7
Books Co-Authored

Including Hacking Exposed Wireless and Hacking Exposed Web Applications - the practitioner series that became standard reading in the security field.

The Corolla Story

For years during the bootstrap phase, Liu and co-founder Francis Brown skipped their own salaries to ensure employees got paid - and drove a faded purple 1993 Toyota Corolla with manual everything except the transmission.

Waterfowl Hunter

Liu resumed his childhood hobby of waterfowl hunting - from growing up in Louisiana - as a way to decompress from the pressures of running a rapidly scaling cybersecurity firm.

Phrack Reader

Liu first encountered the hacker community through IRC channels and the seminal underground publication Phrack in high school - before it was a career path, before it was an industry.

Topics & Expertise

Offensive Security Penetration Testing Attack Surface Management Red Teaming Cybersecurity Bishop Fox Cosmos Platform Bootstrapping Venture Funding NSA Hacking Exposed AI Security Cloud Security Application Security Security Strategy Fortune 100 DEF CON Black Hat CISSP Threat Modeling Wireless Security Social Engineering

Find Vinnie Liu Online

Links & Resources

🌐
Bishop Fox
in
LinkedIn
𝕏
Twitter / X
📝
BF Author Page
📰
SecurityWeek
🎧
Forgecast Podcast
YouTube Interview
🎧
Security Podcast