Pen Testing Company Cobalt Gets Product Wiz Sonali Shah as New CEO

The San Francisco-based vendor has tapped Sonali Shah to further expand the Cobalt platform, which now includes dynamic application security testing as well as offensive AI application security testing. Shah joined Cobalt’s board in January and began serving as CEO on Wednesday, replacing Chris Manton-Jones, who began serving as CEO in April 2022 after more than six years leading LogMeIn sales (see: Cobalt’s new CEO Chris Manton-Jones is courting corporate clients).

“Sonali brings the right experience to the team. She has the strategic vision and deep expertise needed to take Cobalt into its next phase of growth,” Highland Europe partner Gajan Rajanathan said in a statement. The investment firm led Cobalt’s $29 million Series B funding round in August 2020.

Shah has spent two decades in cybersecurity product organizations, including two years as chief product officer at Invicti; one year as chief product officer at Human; three years at Veracode, Bitsight, and Syniverse, leading product and marketing; and seven years leading product marketing at Verisign. A Cobalt spokesperson told Information Security Media Group that Shah was not available for an interview.

“Cobalt is uniquely positioned to help enterprises manage the risk of their expanding attack surfaces with effective and continuous offensive security programs,” Shah said in a statement. “I am excited to partner with the great Cobalt team on this endeavor.”

What Shah brings to the table

Last quarter, Cobalt said it saw a record number of penetration tests on its platform, underscoring the growing demand for offensive security testing services. Cobalt said the expansion of its product suite allows the company to serve a broader range of customers, from small and medium-sized businesses to enterprises.

In previous stints, Shah played a key role in developing the Bitsight Security Ratings platform and led the transformation of legacy security technologies at Veracode and Invicti, Cobalt said. Shah’s vision led to the sale of Veracode to Thoma Bravo for $950 million in January 2019, and Summit Partners’ acquisition of a majority stake in Invicti Security for $625 million in October 2021.

During Manton-Jones’ tenure at Cobalt, the company said it expanded its offensive security business, achieved profitability, increased revenue and expanded its customer base. The company’s headcount remained steady at about 450 during Manton-Jones’ 28 months at Cobalt. Manton-Jones was not quoted in the press release announcing Shah’s appointment as CEO.

“Let me be the first to congratulate Sonali on her appointment,” Manton-Jones said in a LinkedIn post on Thursday. “As I told Cobalters yesterday, I knew Sonali would be an outstanding board member when I invited her to join the board, just as I know she will be an outstanding CEO now that the time has come.”

Breaking the glass ceiling

The company said Cobalt’s latest product expansion includes tools for dynamic application security testing, attack surface management, digital risk assessment and penetration testing for AI and large language models. Shah said Cobalt is uniquely positioned to help enterprises manage their expanding attack surface through ongoing offensive security programs and plans to focus on maximizing value.

Shah’s appointment makes her one of the few women CEOs at a major cybersecurity vendor. Eva Chen co-founded Trend Micro in 1988 and became CEO of the endpoint security vendor in 2005, a position she holds today. British AI cybersecurity vendor Darktrace has been led by Nicole Eagan, Poppy Gustafsson or both women as co-CEOs since September 2014.

In July 2019, Kate Bolseth was promoted from COO to CEO at Fortra (formerly HelpSystems) and has led more than 10 security acquisitions since the beginning of 2021. In April 2022, privileged access management solutions provider BeyondTrust promoted Janine Seebeck, CFO and COO, to CEO.

Several women have recently left the CEO ranks. Product leader Brian Roche took over as CEO of Veracode in April from Sam King, who had been CEO since 2019. And in July, former Virtana leader Kash Shaikh took over as CEO of Securonix from Nayaka Nayyar, who had served in the role for 19 months. Pam Murphy was CEO of Imperva from January 2020 until Thales bought the company in December.