Behind every successful security company is a software engineer you’ve never heard of
Software engineers are building the future of security, not just adding vulnerabilities
Over the past several months, as everyone everywhere seems to predict that software engineering will soon be done entirely by AI, I’ve been noticing things that suggest a very different story: that AI makes great software engineers more, not less, important. I can go as far as to say that for a startup, attracting great software engineers is much more important than having a great idea. It’s ultimately the talent that will define if the company succeeds or fails, and nowhere is it more true than in cyber.
What most in the industry don’t realize is that behind every successful security company is a software engineer you’ve never heard of. Palo Alto, Zscaler, CrowdStrike, Cloudflare - all these and most other security companies have people who envisioned, architected, and built their platforms without becoming widely known, and even without holding the CTO title. In this piece, I am sharing some of their stories.
This issue is brought to you by… Intruder.
As AI Enables Bad Actors, How Are 3,000+ Teams Responding?
Shadow IT, supply chains, and cloud sprawl are expanding attack surfaces - and AI is helping attackers exploit weaknesses faster. Built on insights from 3,000+ organizations, Intruder’s 2025 Exposure Management Index reveals how defenders are adapting.
High-severity vulns are up nearly 20% since 2024.
Small teams fix faster than larger ones - but the gap’s closing.
Software companies lead, fixing criticals in just 13 days.
Get the full analysis and see where defenders stand in 2025.
Software engineers turn a vision for security into a reality
I am well aware that when security professionals hear that software engineers are going to be defining the future of security, they quickly tune out, thinking, “Well, this idea hasn’t worked well for us in the past”. The whole “shift left” movement has failed everywhere except for the world’s most mature and tech-forward companies (and even there, the reality is rarely as awesome as BSides talks suggest). The idea that software engineers are going to get excited about doing security work has proven to be, at best, overly optimistic and, at worst, a somewhat delusional fantasy.
I am not here to argue that this is about to change. Instead, I want to talk about something else: the role software engineers play in defining the very direction of the security industry itself. In all these conversations about “developers using AI to generate vulnerable code”, what often gets missed is that the very same software engineers are also the ones building the solutions that define how security gets done.
If you agree that companies like CrowdStrike, Palo Alto, Wiz, and Zscaler have done a decent job solving real enterprise problems, then you have to also acknowledge that the vast majority of these companies weren’t built by a bunch of security engineers. Now, I know there will always be people eager to comment that security vendors aren’t truly making any difference, but that’s not the point I’m making here, and I think we can agree that uninstalling antivirus software and replacing password managers with a single password won’t make us more secure. While founders and CEOs often get the credit for the vision and execution, not nearly enough is said about the engineers who turn that vision into reality. That is to me what matters, and that’s what I want to focus on.
Technical visionaries behind top security companies often remain unknown
What I find really interesting is that the majority of the brilliant minds behind the world’s largest security companies remain unknown. How many people know Yuming Mao, Chief Architect and one of the co-founders of Palo Alto Networks? He served as Chief Architect and a Distinguished Engineer at Juniper Networks, which he joined through the acquisition of NetScreen, but I was barely able to find one picture of him on the internet. How many people know Fengmin Gong, who worked with Nir and Yuming and led the conception, architecture design, and implementation of the appID/threat engines in the next-gen app-aware firewall? It’s fascinating how big a role brilliant Chinese engineers played in the early days of Palo Alto, yet history has largely lost their names.
Similarly, most of the people in security have never heard of Alex Ionescu, a brilliant technical powerhouse who served as CrowdStrike’s founding Chief Architect and Vice President of Endpoint Engineering. Early employees of CrowdStrike will tell you that there would be no Falcon as we know it without Alex Ionescu, but he doesn’t often talk about his story. Having left CrowdStrike in 2021, Alex came back in early 2025, which is most likely not a coincidence given what the company had been through a few months before he rejoined.
Another software engineering powerhouse behind one of the most valuable security companies in the world is Zscaler co-founder Kailash Kailash. In the case of Kailash, there’s actually quite a bit of information about him online, as Jay, Zscaler co-founder & CEO, always credits him with all the technological brilliance. Here is how Kailash himself talks about the origins of Zscaler, which was formerly known as SafeChannel: “It was during dinner at Jay’s house when he first proposed the idea of a cloud security platform. After we spoke, I was so convinced that this is the future, but the problem wasn’t easy to solve from a technology standpoint, and it hadn’t been done. After four months of development, discussion, and lots of trial and error, it seemed that we had a viable solution.”
The truly tragic story that few people in the industry know is what happened to the brilliant technologist behind Cloudflare. While today most know Matthew Prince (CEO) and Michelle Zatlyn (President), three people started Cloudflare. Lee Holloway, Cloudflare’s third co-founder and the technical genius who architected the platform and recruited and led the company’s early technical team, stepped down from Cloudflare in 2015, suffering a truly tragic form of dementia when he was only 36 years old. Wired discussed this story (there’s also this 2-minute video), but given how tragic it truly is, it is not surprising that there is no good place to talk about it.
All these stories are just examples that illustrate the core point of this piece: that every great security company was built by incredible engineers. In some cases, the main founder and CEO is that engineer, but in the majority of cases, they are not. Even if we don’t always know the names of technical geniuses behind each platform, there is always someone, and it’s usually a team, not a single person.
Israel wins in part because of its pool of software engineers who know security
There are many reasons why the Israeli security ecosystem has exploded in the past number of years - the continuous pipeline of great security talent, the culture of risk-taking, and the presence of value-add capital. All that is true. However, I think a large part of Israel’s success is its large pool of software engineers who understand security.
The United States arguably has much more security talent than Israel, which makes sense given the population. However, there are relatively few software engineers who combine 3 attributes:
Having a background in software engineering and experience building customer-facing products
Having experience, understanding, or passion for security
Having experience working at a startup or otherwise shipping products 0 to 1
Each of these attributes matters.
In the US, there are plenty of security engineers, and while many are great at writing automation scripts, connecting different tools, or even building some internal tools, the majority of them don’t have experience building products. But building products is a different discipline altogether because it requires thinking in terms of systems, scale, and user experience, not just functionality. Product engineering means understanding how to design for reliability, performance, onboarding, and long-term maintenance. It’s about solving a problem, not just once for your team, but for thousands of organizations with different architectures, constraints, and use cases. Product building demands a blend of creativity and rigor that extends beyond security expertise. It’s one thing to secure an environment; it’s another to build the platform others will depend on to secure theirs. This is why every successful security company has needed great product engineers alongside security domain experts (domain experts make sure that the product solves the right problem, and software engineers translate that domain knowledge into tools that scale).
At a startup, people need to be able to cut corners and to know which corners to cut. It’s a compromise between designing for scale, but also shipping something quickly, because without quick iteration, that scale will most likely never come. This is why startup experience also matters a lot. Many great software engineers who understand security in the US work at large enterprises like Microsoft, Google, AWS, Cisco, or even agencies like the NSA, but what makes an engineer successful working at Cisco is very different from what makes an engineer great at building products at a startup. Let me be clear: a person who has worked at any of the big companies can be a great fit for a startup, but someone who has only worked at big companies for a decade or longer is less likely to successfully adapt.
Lastly, either expertise or passion for security matters a lot as well. Sure, security is just another domain, and the vast majority of engineers are domain-agnostic. That is true, but security does require people to go a bit deeper, and if an engineer has absolutely zero interest in immersing themselves in that depth, they’re less likely to be successful.
Israel has created a fantastic pipeline of software engineers with experience working at startups and a strong passion for security. That’s one of their secrets, and to replicate their success, we have to replicate that.
Closing thoughts
I am sure I am biased. As an early-stage founder, hiring great engineers has been my main focus lately, so I’ve spent a lot of time thinking about what “great engineering” even means in the age of AI. While I read about companies trying to replace engineers with AI agents, my co-founder and I have been doubling down on the opposite bet: that the real breakthroughs will come not from AI itself, but from the best engineers who know how to use AI to get even better. It’s really bizarre to me that this is a contrarian idea in 2025, but there we are.
For people in the security industry (CISOs, security engineers, etc.), my message is simple: recognize that software developers aren’t just introducing vulnerabilities, they’re very much building the future of our industry, just as they’ve done in the past. Every breakthrough in cyber, be it endpoint or cloud security, has been built through the hands of software engineers who took ambitious visions and translated them into working products.
For founders, the lesson is also pretty clear: think of AI as a tool for engineers, not as a replacement. Hire great engineers and give them what they need to do their best work - autonomy, support, recognition, and an environment surrounded by other brilliant minds. Sure, give them the latest AI tools, but equally (or I’d argue even more) important, create room for real ownership, and make sure their impact is visible and rewarded.
Lastly, if you’re an engineer passionate or curious about security, or someone who wants to work on hard, foundational problems that matter, I’d love to connect. Not only because I’m hiring, but also because I know many other founders looking for great builders.