About
I’m a security and technology executive with more than 20 years of experience building���
Services
Activity
9K followers
-
Steve Cobb shared thisIf you're headed to Gartner RSM, come have lunch with us. Zafran Security is hosting a small roundtable with our CEO Sanaz Yashar and CISO Nathan Rollings. The conversation is going to center on Mythos and whether it's a genuine shift in how we think about vulnerability management and risk, or just the latest piece of noise the industry has dressed up as a framework. No slides. No pitch. Just a candid conversation with security leaders who are dealing with the same questions you are. Take a real break from the conference floor and the conference food. Spots are nearly full. DM me if you want me to get you on the list. Register here: https://lnkd.in/eRKiC7j8 PS - I'll be there too, if I can help you with anything!
-
Steve Cobb shared this🔐 If you're heading to Gartner Security & Risk Management Summit next week, let's connect. 𝐈'𝐥𝐥 𝐛𝐞 𝐚𝐭 𝐆𝐚𝐫𝐭𝐧𝐞𝐫 𝐒𝐞𝐜 𝐢𝐧 𝐍𝐚𝐭𝐢𝐨𝐧𝐚𝐥 𝐇𝐚𝐫𝐛𝐨𝐫, 𝐌𝐃 𝐨𝐧 𝐛𝐞𝐡𝐚𝐥𝐟 𝐨𝐟 𝐙𝐚𝐟𝐫𝐚𝐧 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲, 𝐉𝐮𝐧𝐞 𝟏-𝟑. This is one of the few conferences where the conversations are actually worth having. CISOs, security leaders, and practitioners all in the same building talking about real problems, not vendor slideware. I want to talk about the gap most orgs are living in right now: your scanner is giving you 50,000 findings, your team is buried, and you still don't have a clear answer on what actually needs to be fixed first. That's not a people problem or a process problem. It's a context problem. And it's solvable. If you want to dig into risk-based vulnerability management, exposure prioritization, or just compare notes on what's working (and what isn't) in your program, grab some time with me onsite. 👉 Book a meeting: https://lnkd.in/eyDVAzhY 𝐖𝐡𝐚𝐭'𝐬 𝐭𝐡𝐞 𝐨𝐧𝐞 𝐭𝐡𝐢𝐧𝐠 𝐲𝐨𝐮'𝐫𝐞 𝐦𝐨𝐬𝐭 𝐡𝐨𝐩𝐢𝐧𝐠 𝐭𝐨 𝐠𝐞𝐭 𝐨𝐮𝐭 𝐨𝐟 𝐆𝐚𝐫𝐭𝐧𝐞𝐫 𝐒𝐞𝐜 𝐭𝐡𝐢𝐬 𝐲𝐞𝐚𝐫? #GartnerSec #CyberSecurity #CISO #VulnerabilityManagement #RiskBasedSecurity #Zafran #InfoSec
-
Steve Cobb shared this🔒 I've spent my career hunting threats, fixing broken security programs, and telling executives the uncomfortable truth about their risk posture. I've worked across almost every vertical, built and torn down security programs, and watched this industry evolve in ways I never expected. So when I decided it was time for something new, I wasn't looking for "just another vendor role." I needed a mission I actually believed in and a team that actually got it. I found both at Zafran Security. 𝐈'𝐦 𝐣𝐨𝐢𝐧𝐢𝐧𝐠 𝐚𝐬 𝐅𝐢𝐞𝐥𝐝 𝐂𝐈𝐒𝐎, 𝐚𝐧𝐝 𝐈 𝐜𝐨𝐮𝐥𝐝𝐧'𝐭 𝐛𝐞 𝐦𝐨𝐫𝐞 𝐟𝐢𝐫𝐞𝐝 𝐮𝐩 𝐚𝐛𝐨𝐮𝐭 𝐢𝐭. Here's the honest reason why I joined: the platform is legitimately different. Zafran's approach to risk-based vulnerability management actually correlates CVEs against your real compensating controls, your actual network topology, your EDR coverage. That's the kind of thinking I've been preaching to CISO peers for years. It's not theory. It's operational. It closes the gap between what your scanner says and what you actually need to fix. But solutions are only part of it. The people sealed the deal. This team has depth, they have conviction, and they have zero tolerance for security theater. That's rare. I'm grateful to Sanaz Yashar, Nathan Rollings, Tom Anthony and all the other great folks at Zafran! I'm here to work alongside CISOs and security leaders who are tired of drowning in vulnerability noise and ready to actually move the needle on risk reduction. 𝐍𝐞𝐰 𝐜𝐡𝐚𝐩𝐭𝐞𝐫. 𝐒𝐚𝐦𝐞 𝐦𝐢𝐬𝐬𝐢𝐨𝐧. 𝐖𝐚𝐲 𝐛𝐞𝐭𝐭𝐞𝐫 𝐰𝐞𝐚𝐩𝐨𝐧𝐬. 🤘 What's the biggest vulnerability noise problem you're dealing with right now? BTW, the question was, "Who was your favorite band in high school/college and what band member did you want to be?" Can you guess?? #CISO #CyberSecurity #VulnerabilityManagement #RiskBasedSecurity #Zafran #FieldCISO #InfoSec
-
Steve Cobb posted thisToday is my last day at SecurityScorecard. 👋 A little more than three years ago, I joined to help build out the security function across the company. What I'll carry with me isn't the wins or the war stories. It's the people. Aleksandr Yampolskiy and Sam Kassoumeh, thank you for the trust you placed in me, and for building a company that pushed an entire industry to take third-party risk seriously. That's no small thing. To my past and present team. You covered an enormous surface across Corporate Security, AppSec, Physical Security, Executive Security, and IT. You did it with grit, smarts, and good humor through some genuinely hard stretches. I'm proud of what we built together, and I'll be cheering for you from here. 🙏 To everyone else at SSC who collaborated, challenged me, or just made a hard day a little lighter, thank you. I'm not going far, and I'm not going quiet. More on where I'm landing next week. 👀 For now, happy Memorial Day. To those who served, and to the families who gave more than most of us can fully understand, we remember. Enjoy the long weekend, everyone.
-
Steve Cobb shared thisWhat a night at Duke Energy HQ in Charlotte. Spent yesterday with the CarolinaCISO 𝗔𝗱𝘃𝗶𝘀𝗼𝗿𝘆 𝗕𝗼𝗮𝗿𝗱, where I serve as a Founding Member, then rolled into the 𝟮𝟬𝟮𝟲 𝗢𝗥𝗕𝗜𝗘 𝗔𝘄𝗮𝗿𝗱𝘀 𝗟𝗲𝗮𝗱𝗲𝗿𝘀𝗵𝗶𝗽 𝗥𝗲𝗰𝗲𝗽𝘁𝗶𝗼𝗻 honoring this year's nominees. The highlight for me was moderating a leadership conversation with three people I genuinely learn from every time we talk: 🔹 Henry Capello, CISO at Dentsply Sirona 🔹 Martin Strasburger, SVP and CSO at Duke Energy 🔹 Mike Scheck, Senior Director, Information Security at Cisco The conversation went where the good ones always do. Real talk on board engagement, building security culture in companies that don't always prioritize it, and what it actually takes to lead through ambiguity. No slides. No talking points. Just honest perspectives from people doing the work. One more thing worth sharing. I'm humbled to be a 𝟮𝟬𝟮𝟲 𝗖𝗮𝗿𝗼𝗹𝗶𝗻𝗮𝗖𝗜𝗦𝗢 𝗢𝗥𝗕𝗜𝗘 𝗻𝗼𝗺𝗶𝗻𝗲𝗲 alongside an incredible group of leaders. What's the single hardest part of CISO life nobody warned you about? Drop it below. I'll start a list. #CISO #Cybersecurity #CarolinaCISO #ORBIE2026 #SecurityLeadership
-
Steve Cobb shared thisThis week in Dallas, I sat down with the teams from Cytactic, Crush Security, and Halcyon for a live CIRM simulation that hit closer to home than most tabletops ever do. The scenario: a regional healthcare system, compromised through third-party software. Patient data exposed. Clinical systems degraded. The clock running. The kind of incident that's stopped being hypothetical. What made this exercise different wasn't the chaos. It was watching how fast the picture sharpened when the right intelligence showed up at the right time. SecurityScorecard contributed Titan Secure intelligence to the simulation, and the moment the third-party vector surfaced, the room had answers it would have spent days chasing in a manual response: Which vendors share the same exposure. Which assets are reachable from the outside. Which threat actors are actively working that path. That's the difference between "we have a vendor list" and "we have a response plan." A few takeaways from the night: Third-party incidents don't respect your org chart. Legal, comms, IR, and the business are all in the room from minute one. Run your tabletops the same way. Inside-out attestation is not a substitute for outside-in evidence. Your vendor's last SOC 2 won't tell you they got popped yesterday. The hardest part of CIRM isn't the technical response. It's the decisions. Who do we notify, when, and with what we actually know versus what we're guessing. The teams that win these scenarios aren't the ones with the most tools. They're the ones who practiced together before the day it mattered. Big thanks to Cytactic for pulling this together, and to Crush Security and Halcyon for being in the trenches with us. This is the kind of collaboration the industry needs more of. Thanks to Nimrod Kozlovski, the great Tim Brown, and David Hannigan for partnering with me in the simulation! And thanks to Larry Slusser for getting us all organized and clicking the buttons! If you haven't run a third-party breach scenario in the last 12 months, that's your next sprint. #CyberResilience #TPRM #IncidentResponse #ThreatIntelligence #SecurityScorecard
-
Steve Cobb shared thisProud to be a part of the creation of this extremely useful guide in partnership with Third Party Risk Association (TPRA). Please go and comment on the draft and let us know your thoughts and suggestions! #TPRM #supplychain #TrustCenterSteve Cobb shared this📣 Third-Party Risk Management just got better. Say goodbye to the age of the infinite loop of vendor questionnaires. The Third Party Risk Association (TPRA) has announced the release of the Standard Trust Portal Guidance for Third Party Risk Management. SecurityScorecard is proud to have contributed to developing the guidance as a member of the TPRM Service Providers Advisory Council. 📑 The Standard Trust Portal Guidance for TPRM is designed to unify how organizations demonstrate security, compliance, privacy, and governance maturity. 🤝 SecurityScorecard is proud to be a partner with TPRA and others in defining the new era of Third-Party Risk Management. Other contributing organizations include: Aravo Solutions Bitsight Certa.ai Drata Inc. ProcessUnity RiskRecon by Mastercard Vanta Venminder, an NContracts Company SecurityScorecard proudly acknowledges the direct contributions of Steve Cobb, CISO in the development of the Standard Trust Portal Guidance for Third Party Risk Management. For more on the Standard Trust Portal Guidance for Third Party Risk Management from TPRA, see the full press release here: https://lnkd.in/gmbyEaK9 #CISO #cybersecurity #vendorriskmanagement #supplychain #TPRM #artificialintelligence #pressrelease
-
Steve Cobb shared thisHonored to be quoted in this Cybernews piece by Stefanie S. on the FBI's new warning about cyber-enabled cargo theft. Thanks to Stefanie and the Cybernews team for including me. 🔗 https://lnkd.in/dz2d7UP3 The numbers are hard to ignore: a 60% surge in cyber-enabled cargo theft since 2024, with losses approaching $725 million in 2025 across the US and Canada. 🚛 My take: The deeper issue is not only stolen cargo, but how easily trust can be manipulated across interconnected third-party relationships. Too often, vendor identity is treated as something familiar rather than something that must be verified. Organizations need to address spoofing before it reaches the workflow, not after it has already triggered operational disruptions. That means verifying changes to contacts, routing, pickup details, and account information through separate channels before action is taken. The FBI's attack chain is not exotic. It is phishing, stolen credentials, and a compromised broker email account. What makes it work is that legitimate business workflows assume the other party is who they say they are. Once an attacker can convincingly impersonate a trusted partner, ordinary business workflows can quickly become a direct path to operational and financial loss. In this environment, vendor trust must function as an active security control. Three things that change the math: 🛰 Continuous Outside-In monitoring of carriers, brokers, and load board partners, not point-in-time questionnaires 🤖 AI-driven detection of typosquatted domains, spoofed senders, and compromised vendor infrastructure before a load gets booked 🚨 Multi-channel verification baked into the workflow, with phone, in-person, or out-of-band confirmation for every routing change or carrier identity claim This is not a logistics problem with a cyber wrapper. It is a third-party risk problem with a freight outcome. If your TPRM program stops at the data layer, you are already a step behind the adversary. What is your team doing to verify vendor identity at the point of execution, not just at onboarding? Drop a comment. #TPRM #SupplyChainSecurity #ThreatIntel #CargoTheft #CybersecurityHackers pose as trucking firms to steal high-value cargo, FBI warnsHackers pose as trucking firms to steal high-value cargo, FBI warns
-
Steve Cobb shared thisThird-party risk stopped being a third-party problem a long time ago. It's fourth, fifth, nth-party. The vendor of your vendor's vendor. And the only honest answer to scaling that visibility is AI plus continuous monitoring, not bigger questionnaires and more analysts. A few things I dug into on the SecurityScorecard Weekly Brief: CISO Edition this week: • Why concentration risk is the silent killer in most TPRM programs • How AI lets a small team see the supply chain a large team can't • What it takes to move TPRM from compliance work to security work If you run a TPRM program and feel like the math doesn't work anymore, you're not wrong. It doesn't. Watch the full conversation: https://lnkd.in/eSCZq6dj More on TITAN: https://lnkd.in/eZNkrjvV #TPRM #SupplyChainSecurity #CyberRisk #ArtificialIntelligence #CyberSecuritySteve Cobb shared this⚠️ The risk lies not just in the third-party risk but also in the fourth, fifth, nth party risk. 📊 In this week’s Weekly Brief: The CISO Edition, SecurityScorecard CISO Steve Cobb talks the importance of AI in aiding TPRM teams scale their visibility beyond sole human capabilities. 🔗 With AI, TPRM teams are able to assess not just their immediate third-party vendors but the greater supply chain ecosystem of their third-party suppliers. This is critical for organizations to understand their actual risk and exposure. “ You might have three vendors that you consider medium impact to your organization, but all three of those vendors are using a common vendor to provide them services. That's what we consider concentration risk.” 👉 Subscribe to SecurityScorecard on YouTube for more insights on cyber risk, AI-empowered TPRM programs, supply chain security, and the evolving cyber threat landscape. To learn more about how you can leverage AI from SecurityScorecard in your TPRM program, visit our TITAN platform page: https://lnkd.in/eZNkrjvV #CyberSecurity #ArtificialIntelligence #ThirdPartyRisk #VendorManagement #SupplyChainSecurity #CyberRisk #TPRM #CyberAttack
Steve Cobb commented on a post
12h
Congratulations! 🎉 Franco Mejia
Steve Cobb replied to a comment
2d
Chandan Kochhar Thank you!
-
Steve Cobb liked thisSteve Cobb liked thisA big thank you to the Dallas CISO community for an incredible event yesterday 🙌 We had the privilege of hosting the 2026 CIRM Roadshow Dallas, along with Halcyon , Crush Security, SecurityScorecard and Tim Brown. Through an evening of good drinks, great Texas BBQ, and a deep dive into a live cyber crisis simulation, it was inspiring to see security leaders’ take on how the "Better Together" approach is the key to minimizing organizational impact during a crisis. Let's continue driving the next generation of incident response. See you at the next stop! 🚙 #CIRMroadshow #cytactic
-
Steve Cobb liked thisSteve Cobb liked thisThe past few weeks at SecurityScorecard highlighted what exemplary business looks like in 2026. I had the opportunity to travel with clients and partners, engaging in genuine discussions about AI—beyond surface-level insights, focusing on strategic implications. One client encapsulated it perfectly: “We’re not just spinning up a few Copilot users.” This mindset is crucial. The companies that are advancing are not merely experimenting; they are reimagining their entire operations with AI and tools like Claude to achieve significant ROI. However, there is one aspect that no algorithm can replace: the importance of in-person interactions. I hosted two after-work cocktail hours bringing together cross-functional teams—Sales, CSM, Product, Tech, and HR—without any agenda or slides. It was simply about fostering real trust among colleagues. The key to success lies not in choosing between AI and human connection, but intentionally integrating both.
-
Steve Cobb liked thisHit me up if you’re interested!Steve Cobb liked thisThere are rare moments in a market where technology, team, and timing align perfectly. Zafran is experiencing one of those moments now. The demand signal created by Glasswing has highlighted the exact problem we were built to solve, and the market is responding with urgency and enthusiasm. In response, we are scaling to meet this demand by bringing on exceptional individuals who want to be part of something special and career-defining. We are expanding our sales organization with four new openings: 🔹 Major Account Executives — Philadelphia | New York City | United Kingdom 🔹 Enterprise Account Executive — Washington, D.C. This is not a role where you are pushing a product that the market hasn't caught up to. This is the dream job where you enter every conversation confident that your prospect will become your next customer because you address a problem they recognized but is now being emphasized by a narrowing exploitation window. Find out what the buzz is about and jump on the 🚀. NYC: https://lnkd.in/eKUWW4m5 Philly: https://lnkd.in/eEBBuckW UKI: https://lnkd.in/emxSwPtB #zafran #CTEM Tom Anthony Jonathan Wood Tyrone Emi Sanaz Yashar Angel Morales Mike LeBreux Rishi Sheth Whitney Coleman Andrew Marasa, MBA Ryan Imbriaco Erin Griebel Brett Robinson Josh Gresh Christina Solomon Chandra Balentine
-
Steve Cobb liked thisSteve Cobb liked thisBefore you get to the Gartner event this week and see what new acronym they came up with to "educate and align" the market have a read on this important topic. Cequence Security worked with me (and by that I mean they just said "hey do this research", which was awesome as that is how research is supposed to be) to put this detailed analysis on paper. Have read and prepare yourselves for a week or "insight".
-
Steve Cobb liked thisSteve Cobb liked thisGuess who won a leadership award? And no I didn’t buy it lol…
-
Steve Cobb liked thisSteve Cobb liked thisWe're excited to announce that BSides RDU is coming back to the McKimmon Center at NC State University in Raleigh on December 18, 2026! We had to shift our date this year from our usual fall time slot due to scheduling conflicts with other events, but this will give us the opportunity to celebrate the holiday season with our cybersecurity community. Come join us as an attendee, speaker, or sponsor! Tickets (Early Bird pricing of $35 through 7/30): https://lnkd.in/e2yhN8mT Speaker CFP: https://lnkd.in/e_YFM-be Sponsorships: https://lnkd.in/eVhT-s4G
-
Steve Cobb liked thisSteve Cobb liked thisI'm excited to be joining Vanta Chief Product Officer Jeremy Epling on the stage at Vanta's Trust Tour in New York on June 3rd. We'll be talking about something I think about constantly: how AI is changing the threat landscape faster than most security programs are built to handle. AI-powered vulnerability research means attackers are moving at a speed that no dashboard can keep pace with. At the same time, AI is allowing everyone in across the organization to build applications in a way that traditional SDLC processes weren't built for. At Pendo.io, my security team has been building with AI and securing against it at the same time, which is providing us with insights that are helping us rethink nearly every process along the way. If you're in NYC and working through how to scale a security program, prove its value to the business, and stay ahead of AI risk, come join us! Register for the live event in NYC: https://lnkd.in/e3jZQX8v Register to watch virtually: https://lnkd.in/eGdExWVY
-
Steve Cobb liked thisHeading to #GartnerSEC next week? Meet with Steve Cobb and our entire Zafran Security crew! Lots of great discussion around risk-based VM and exposure prioritization post-Mythos. Let me know if you'd like to meet with the team!
-
Steve Cobb liked thisSteve Cobb liked thisOne of my favorite things about GTM at a fast-growing startup is just how much a focused team can accomplish in 90 days. In Q1, we restructured our go-to-market around sharper segmentation, ran an SKO that brought together world-class investors, partners, and advisors, and welcomed new leaders who showed up on day one ready to make an impact for their teams. We, once again, set all-time records for bookings and pipeline. We launched new products. Our R&D team shipped innovation that genuinely moves the market. And then Mythos and Project Glasswing dropped: marking the beginning of a once-in-a-generation shift right in the middle of our core market. The opportunity just got bigger...and faster. Zafran sits on the precipice of a transformational moment in security. The team, the technology, the customers, the partners, the investors: I couldn't have drawn this up better. If you want to do the best work of your career, in a category that matters, at a company that's moving fast; we're hiring across nearly every function. Come build something iconic. See our open roles (https://lnkd.in/gNG6dqSB) and reach out to Christina Solomon Chandra Balentine or Megan (Calidonna) Aly Sanaz Yashar Ben Seri Nick Fisher Rotem Peled-Dvir Itay Nachum Hadas Bergman Tomer Admon Nathan Rollings Jonathan Wood Matthew Sattler Tyrone Emi George Tang Kevin Stinger Lior Simon Rama Sekhar Douglas Leone Adam Aarons Bogomil Balkansky Matt Bauer
Experience & Education
-
Zafran Security
View Steve’s full experience
See their title, tenure and more.
or
Licenses & Certifications
Recommendations received
6 people have recommended Steve
Join now to viewOther similar profiles
Explore more posts
Explore top content on LinkedIn
Find curated posts and insights for relevant topics all in one place.
View top content