Governance & Risk Management , Vulnerability Assessment & Penetration Testing (VA/PT)
Pen Test Firm Cobalt Gets Product Wiz Sonali Shah as New CEO
Shah Replaces Chris Manton-Jones, Who Served as Cobalt's CEO in April 2022Cobalt tapped a longtime cybersecurity product leader as its next chief executive as the company expands its footprint from penetration testing to offensive security.
See Also: August Spotlight | Automated Threat Intelligence Correlation
The San Francisco-based vendor tasked Sonali Shah with further expanding Cobalt's platform, which now includes dynamic application security testing as well as offensive security testing for AI application. Shah joined Cobalt's board in January and started as CEO on Wednesday, replacing Chris Manton-Jones, who started as chief executive in April 2022 after more than six years spearheading sales for LogMeIn (see: New Cobalt CEO Chris Manton-Jones Pursues Enterprise Clients).
"Sonali brings the right experience to this team. She has the strategic vision and deep domain expertise needed to lead Cobalt into its next phase of growth," Highland Europe Partner Gajan Rajanathan said in a statement. The investment firm led Cobalt's $29 million Series B funding round in August 2020.
Shah has spent two decades in cybersecurity product organizations, including two years as Invicti's chief product officer; a year as Human's chief product officer; three years each at Veracode, Bitsight and Syniverse leading products and marketing; and seven years leading product marketing at Verisign. A Cobalt spokesperson told Information Security Media Group that Shah wasn't available for an interview.
"Cobalt is uniquely positioned to help enterprises manage the risk of their expanding attack surfaces with efficient and continuous offensive security programs," Shah said in a statement. "I am excited to work with the great team at Cobalt in this effort."
What Shah Brings to the Table
In the past quarter, Cobalt said, it has experienced a record number of penetration tests on its platform, underscoring the increasing demand for offensive security testing services. Cobalt said the expansion of its product suite allows the company to cater to a broader range of customers from SMBs to enterprises.
At her previous stops, Shah was instrumental in the development of the Bitsight Security Ratings platform and drove the transformation of legacy security technologies at Veracode and Invicti, Cobalt said. Shah's vision contributed to the $950 million sale of Veracode to Thoma Bravo in January 2019 as well as Summit Partners acquiring a majority stake in Invicti Security for $625 million in October 2021.
During Manton-Jones' time at Cobalt, the company said, it expanded its footprint in offensive security, achieved profitability, increased revenue and broadened its customer base. The company's headcount held steady at roughly 450 employees during Manton-Jones' 28 months at Cobalt. Manton-Jones wasn't quoted in the press release announcing Shah's appointment as CEO.
"Let me be the first to congratulate Sonali on her appointment," Manton-Jones said in a LinkedIn post on Thursday. "As I said to Cobalters yesterday; I knew Sonali would be an outstanding board member when I invited her to join the board, just as I know she'll be an outstanding CEO, now that the time has come."
Breaking the Glass Ceiling
Cobalt's recent product expansion includes tools for dynamic application security testing, attack surface management, digital risk assessments, and penetration testing for AI and large language models, the company said. Shah said Cobalt is in a unique position to help enterprises manage their expanding attack surface through continuous offensive security programs, and she plans to focus on maximizing value.
Shah's appointment makes her one of very few female CEOs of a major cybersecurity vendor. Eva Chen co-founded Trend Micro in 1988 and became CEO of the endpoint security vendor in 2005, a position she continues to hold today. British cybersecurity AI vendor Darktrace has been led by either Nicole Eagan, Poppy Gustafsson or both women in co-CEO roles since September 2014.
Kate Bolseth in July 2019 was promoted from chief operating officer to CEO of Fortra - formerly HelpSystems - and has spearheaded more than 10 security acquisitions since early 2021. And in April 2022, privileged access management vendor BeyondTrust promoted Chief Financial Officer and Chief Operating Officer Janine Seebeck to the CEO position.
A number of women have left the CEO ranks recently. Product leader Brian Roche took over as Veracode's CEO in April from Sam King, who had been CEO since 2019. And in July, ex-Virtana leader Kash Shaikh took over as CEO of Securonix from Nayaki Nayyar, who had been in the role for 19 months. Pam Murphy was Imperva's CEO from January 2020 until Thales bought the company in December.