9 Product Security Leaders You Should Be Following Already

Published: October 14, 2025 | By: Anushika Babu
Ideal for: Security Leaders, Security Champion

Everyone talks about product security, but few actually lead it well. As software supply chains stretch across continents and AI pushes code into production faster than humans can review it, leadership (not tooling) is what separates teams that survive from those that stumble.

Strong product security leaders shape how engineering, compliance, and business strategy move together. They turn secure design into a competitive advantage and make sure security keeps up with delivery velocity instead of the other way around.

Table of Contents

  1. Jamil Farshchi
  2. Devon Bryan
  3. Ruchira Gupta
  4. David Reber
  5. Julie Davila
  6. Lara Mossler
  7. Steve Springett
  8. Kavia Venkatesh
  9. Abhay Bhargav

Jamil Farshchi

Few security leaders have faced a challenge as public or as consequential as the one Jamil Farshchi took on at Equifax. As Executive Vice President, CISO, and now CTO, he has driven one of the most complete cybersecurity and technology transformations in recent memory. His dual role gives him direct control over both the security strategy and the technical infrastructure that supports it, closing the gap that often slows progress in large enterprises.

Turning crisis into a scalable security model

Farshchi joined Equifax after its 2017 breach, inheriting a complex environment under intense regulatory and public scrutiny. Instead of focusing on damage control, he rebuilt the organization’s security architecture and culture from the foundation up. That included overhauling infrastructure, centralizing governance, and embedding security into product development lifecycles across global teams.

Under his leadership, Equifax implemented a unified cloud strategy, continuous security monitoring, and engineering practices that link code quality directly to risk metrics. His approach turned compliance-driven remediation into measurable resilience, something most organizations struggle to achieve even without the pressure of global oversight.

A technical voice with real-world credibility

Farshchi’s visibility in the security community comes from his willingness to share lessons learned. He is a regular guest on major industry podcasts and has been featured in Forbes, The Wall Street Journal, and leading cybersecurity publications. His insights focus on how CISOs can move from reactive defense to proactive engineering.

Before Equifax, Farshchi held senior security roles at Visa and Los Alamos National Laboratory, experiences that shaped his pragmatic approach to building resilient systems at scale. His seat on the board of UKG further reflects how his perspective on risk and technology now influences executive decision-making across industries.

Key achievements

  • Executive Vice President, CISO, and CTO at Equifax
  • Led Equifax’s post-2017 breach recovery and security transformation
  • Board member at UKG
  • Former security leader at Visa and Los Alamos National Laboratory
  • Featured in Forbes, The Wall Street Journal, and top industry podcasts

Farshchi’s career shows what happens when security and technology leadership operate as one function: strategic decisions translate directly into secure and scalable engineering outcomes.

Devon Bryan

Few leaders bring the range of experience that Devon Bryan does. As Global Chief Security Officer at Booking Holdings, he oversees cybersecurity for one of the largest digital travel and fintech ecosystems in the world. His role covers millions of daily transactions, sensitive consumer data, and a platform that connects travel, payments, and logistics across continents.

Applying cross-sector expertise to modern risk

Bryan’s background spans government, finance, and healthcare. Before Booking Holdings, he led cybersecurity at ADP, the Federal Reserve, and BlueCross BlueShield. That mix of regulated industries gives him an unusually broad understanding of how compliance, data privacy, and product engineering intersect in real-world environments.

At Booking Holdings, he has built programs that treat security as both a business and engineering function. His teams focus on secure software delivery, global data protection, and operational resilience across a network of high-traffic brands. The scope includes fintech integrations, third-party APIs, and digital identity systems that must operate securely in multiple jurisdictions. This means balancing speed, regulation, and customer trust under one cohesive strategy.

Bryan is also known for promoting diversity, equity, and inclusion in cybersecurity. He co-founded the International Consortium of Minority Cybersecurity Professionals, an organization that mentors and advances underrepresented talent across the industry. His leadership philosophy combines technical depth with a strong focus on team culture and long-term capability building.

A consistent voice in the security community

Bryan frequently speaks at RSA, SANS, and other leading conferences, where he shares lessons from building security programs across different sectors. His public insights often center on resilience, career growth, and how leadership decisions translate into measurable risk outcomes.

Key achievements

  • Global Chief Security Officer, Booking Holdings
  • Co-founder of the International Consortium of Minority Cybersecurity Professionals
  • Former cybersecurity leader at ADP, Federal Reserve, and BlueCross BlueShield
  • Frequent speaker at RSA, SANS, and other major security conferences

Bryan’s work reflects a complete view of modern security leadership: technical precision backed by cross-industry experience and a clear commitment to building stronger and more diverse security teams.

Ruchira Gupta

Ruchira Gupta leads global application and product security at Box, where protecting customer data is as critical as keeping collaboration seamless. Her role covers vulnerability management, secure development, and large-scale product assurance for one of the world’s most widely used cloud content platforms. She brings a sharp balance of technical depth and leadership maturity to a space that demands both speed and precision.

Building security into every layer of a global SaaS platform

Gupta’s work centers on embedding security into the entire software lifecycle. Her team integrates automated testing, threat modeling, and continuous validation into CI/CD pipelines so that security happens as code ships. This proactive approach allows Box to manage product risk across thousands of daily deployments without slowing delivery.

Beyond her day-to-day leadership, Gupta is the founder of Let’s Talk Software Security, a community focused on advancing application security awareness and technical excellence. She is also a frequent speaker at ArmorCode, Black Hat, and other global AppSec events, where she shares real-world lessons on scaling security programs that developers actually adopt.

Her influence extends across the AppSec community, where she’s recognized for bridging technical execution with cultural change, helping organizations move from security as a checkpoint to security as a shared responsibility.

Key achievements

  • Global Director, Application and Product Security at Box
  • Founder of Let’s Talk Software Security community
  • Speaker at ArmorCode and Black Hat events
  • Multi-patent holder and award-winning software security leader

Gupta’s leadership shows how to operationalize application security in complex SaaS ecosystems: measurable, transparent, and fully aligned with business growth.

David Reber

David Reber heads product and cloud security at NVIDIA, one of the world’s most influential technology companies driving advancements in AI, data centers, and accelerated computing. His work sits at the intersection of secure infrastructure and innovation, where protecting global-scale systems must move as fast as the technology itself.

Driving secure engineering across AI and cloud platforms

Reber’s leadership focuses on making security an intrinsic part of NVIDIA’s product and engineering culture. His team builds controls into the company’s hardware, firmware, and cloud software ecosystems, ensuring that AI and GPU workloads are secured from the ground up. This includes embedding risk management and secure architecture practices across product lifecycles, from silicon to cloud deployment.

Before joining NVIDIA, Reber led major product security initiatives at Nutanix and served in U.S. government cyber operations. That experience shaped his precision-driven approach to building secure, scalable systems that withstand evolving threats. At NVIDIA, he continues to push forward standards for secure software supply chains, cloud integrity, and resilient infrastructure design.

A frequent speaker at global security and technology conferences, Reber shares insight into how security teams can evolve alongside the rapid expansion of AI and machine learning platforms. His thought leadership has helped define how product security operates in data-intensive, high-performance computing environments.

Key achievements

  • Chief Security Officer and Head of Product Security at NVIDIA
  • Former security leader at Nutanix and U.S. government cyber operations
  • Frequent speaker on AI security, secure infrastructure, and cloud architecture
  • Advocate for embedding product security into the foundation of modern computing

Reber’s work demonstrates what next-generation product security leadership looks like: technically grounded, built for scale, and tightly integrated with the systems that power global innovation.

Julie Davila

Julie Davila leads global product security at GitLab, where software delivery happens at a speed and scale that defines how most enterprises now build. As Vice President of Product Security, she oversees programs that secure an end-to-end DevSecOps platform used by organizations across government, finance, and technology. Her work directly influences how developers, security engineers, and operations teams collaborate securely at scale.

Leading secure development in continuous delivery environments

Davila’s focus is on making secure development part of every workflow. Her team integrates product security, vulnerability management, and compliance validation directly into GitLab’s CI/CD pipeline, creating visibility and control across millions of code commits. She ensures that security measures evolve alongside rapid releases, compliance requirements, and customer expectations.

Before GitLab, Davila spent years driving security initiatives in cloud and enterprise environments, where she built frameworks that connected governance with engineering agility. She also co-founded the Federal Cloud Advisory Board, a nonprofit group improving cybersecurity collaboration across the public sector, and serves on the boards of Security Tinkerers and the Information Security Leadership Foundation.

Her perspective combines hands-on technical expertise with community leadership. She regularly shares guidance on DevSecOps best practices, FedRAMP alignment, and product security metrics that matter for both builders and executives.

Key achievements

  • Vice President of Product Security at GitLab
  • Founder of the Federal Cloud Advisory Board
  • Board member of Security Tinkerers and Information Security Leadership Foundation
  • Frequent speaker on DevSecOps, cloud security, and enterprise risk

Davila’s leadership reflects a mature view of product security: driven by automation, accountability, and collaboration across every stage of the software lifecycle.

Lara Mossler

Lara Mossler leads platforms and product security at Airbnb, bringing a deep background in privacy, product design, and secure system architecture. Her career spans Stripe and Capital One, giving her a front-row view of how large-scale digital businesses build trust through security, reliability, and responsible data handling.

Designing security that enables innovation

Mossler’s work focuses on securing the platforms that make modern digital products possible. At Airbnb, she leads teams responsible for risk modeling, privacy automation, and application protection across a global ecosystem of users and partners. Her approach blends security architecture with product thinking, ensuring that controls are built in from the start, not layered on after launch.

At Stripe, she played a key role in designing privacy automation and mobile authentication systems that supported massive growth without compromising user confidence. Her technical precision and leadership in secure platform development have made her a trusted voice in how to scale security for fast-moving, consumer-facing products.

She is also a mentor for emerging product security leaders and an active participant in discussions around innovation, design, and security integration. Mossler’s focus on transparency and cross-functional collaboration makes her a model for how product teams and security leaders can work as partners.

Key achievements

  • Head of Platforms and Product Security at Airbnb (formerly Stripe and Capital One)
  • Designed privacy automation and mobile authentication systems at scale
  • Patent holder and advocate for product innovation leadership
  • Mentor and thought leader in security design and platform strategy

Mossler shows how security can be an enabler of innovation: when it is built into design, aligned with business goals, and trusted by the people who depend on it.

Steve Springett

Steve Springett directs software security at ServiceNow and is one of the most respected voices in the global open-source security community. He is best known as the creator and core maintainer of Dependency-Track and CycloneDX, two frameworks that have become foundational for software supply chain visibility and Software Bill of Materials (SBOM) adoption.

Setting the benchmark for transparency and secure software delivery

Springett’s leadership centers on visibility, precision, and measurable assurance. At ServiceNow, he drives initiatives that secure development pipelines, enforce software integrity, and maintain compliance across thousands of enterprise products and customer environments. His focus on SBOM-driven management has reshaped how organizations track dependencies, assess risk, and respond to vulnerabilities in real time.

Through his work on CycloneDX, he has helped define international standards now recognized by governments, regulators, and major enterprises. These standards form the backbone of modern software transparency, making it possible to validate the provenance and security posture of every component that goes into a product.

Springett frequently speaks at global security and DevSecOps conferences, where he advocates for reproducible builds, secure-by-default design, and open collaboration between vendors and researchers. His commitment to open-source and community-driven progress has earned him a reputation as a pragmatic, results-focused leader in product security.

Key achievements

  • Director of Software Security at ServiceNow
  • Creator and maintainer of CycloneDX and Dependency-Track
  • Contributor to global SBOM and supply chain security standards
  • Speaker and thought leader in software assurance and open-source risk management

Springett’s impact reaches far beyond his own organization. His work is shaping how the entire industry defines and implements software supply chain security with standards that make every product more trustworthy by design.

Ari Krakauer

Ari Krakauer leads product security at Aviatrix, where he focuses on securing multi-cloud networking and infrastructure platforms that support enterprise-scale operations. His work blends cloud architecture, product assurance, and automation, helping organizations protect high-performance systems that span AWS, Azure, Google Cloud, and beyond.

Building security into the core of cloud connectivity

Krakauer’s leadership is rooted in engineering discipline. At Aviatrix, he drives secure-by-design development practices across product teams, ensuring every service is hardened from build through deployment. His approach leverages security automation, threat modeling, and deep observability to deliver measurable assurance across complex distributed environments.

Before joining Aviatrix, Krakauer led product security and vulnerability management at LinkedIn, where he developed scalable frameworks for secure service ownership and developer accountability. His earlier experience at Oracle and other technology companies gives him a comprehensive view of how enterprise systems evolve from on-premise to fully cloud-native architectures.

He is known for bringing clarity and structure to how organizations approach security maturity in multi-cloud ecosystems. Krakauer frequently contributes to discussions on automation-driven AppSec, developer enablement, and product security leadership for engineering-centric organizations.

Key achievements

  • Head of Product Security at Aviatrix
  • Former security leader at LinkedIn and Oracle
  • Expert in multi-cloud product assurance and vulnerability management
  • Advocate for automation and developer-driven security in large-scale environments

Krakauer’s leadership reflects the next phase of product security: where deep technical understanding of cloud systems translates into resilient and self-defending infrastructure.

Kavia Venkatesh

Venkatesh’s approach focuses on embedding product security into every stage of the software lifecycle. Her team partners closely with developers, architects, and compliance leaders to identify risks early and validate controls continuously. This alignment helps Cigna maintain resilience across a global technology footprint while managing evolving privacy, HIPAA, and FDA expectations.

Her leadership extends beyond internal programs. Venkatesh is an advocate for secure product development practices in healthcare technology, often speaking on how to align security goals with patient outcomes and data trust. She emphasizes measurable risk reduction, focusing on metrics that demonstrate impact, not just activity.

Venkatesh’s experience spans cloud transformation, secure software delivery, and compliance modernization across healthcare and life sciences. This combination allows her to connect business value with technical rigor, creating product security programs that scale in a heavily regulated industry.

Key achievements

  • Product Security Leader at The Cigna Group
  • Expert in healthcare cybersecurity and regulatory compliance
  • Advocate for secure development and measurable risk management
  • Leader in aligning AppSec and product teams across global healthcare systems

Venkatesh represents the kind of security leadership healthcare needs: data-driven, collaborative, and built on the understanding that protecting patient data is inseparable from delivering better care.

Abhay Bhargav

Abhay Bhargav is the Founder and Chief Research Officer at AppSecEngineer, where he focuses on turning modern security theory into hands-on capability. He has spent more than a decade helping engineering and product teams build secure applications faster, using real-world learning instead of classroom concepts. His work bridges the gap between product security leadership and day-to-day developer execution.

Turning product security into a practiced skillset

Bhargav’s mission is clear: make product security something teams can do, not just talk about. Through AppSecEngineer, he and his team have developed labs, simulations, and training platforms that teach secure coding, DevSecOps, threat modeling, and cloud security in the environments developers actually work in. The goal is to help companies operationalize product security, measured by fewer vulnerabilities, faster delivery, and better collaboration between security and engineering.

He is also the creator of SecurityReview.ai, a GenAI-powered platform that helps teams analyze and review security designs using natural language and contextual prompts. This work reflects his broader philosophy that security needs to scale with the pace of product development through automation and accessible learning.

Bhargav speaks frequently at conferences such as Black Hat, AppSec USA, and OWASP Global. His talks and research focus on how teams can combine automation, human judgment, and AI to build better security cultures.

Key achievements

  • Founder and Chief Research Officer, AppSecEngineer
  • Creator of SecurityReview.ai, an AI-based security design platform
  • International speaker on DevSecOps, threat modeling, and AI in AppSec
  • Author and instructor with a focus on hands-on security education

Bhargav’s leadership emphasizes practicality and scale, helping organizations build security expertise from the ground up so that every engineer contributes to stronger, safer products.

Real leadership is built on impact

What sets these leaders apart isn’t the size of their teams or the weight of their titles. It’s how they move the field forward. Each of them brings something rare to product security: deep technical insight, domain mastery, and a record of turning complex challenges into repeatable outcomes. They shape how organizations build, secure, and scale products that the world relies on.

If you care about staying ahead of real-world security issues, follow their work. Find them on LinkedIn, listen to their podcasts, and catch their talks. They consistently share lessons that come from experience.

At AppSecEngineer, we focus on the same mission: helping teams build security into every product decision. Our hands-on labs and learning paths teach developers, architects, and security engineers how to apply secure design thinking in real-world workflows. Because great security leaders aren’t born from titles or slides. They’re built from doing the work, one product at a time.

Anushika Babu

Blog Author
Anushika Babu is the Chief Growth Officer at AppSecEngineer, where she turns scrappy ideas into scalable revenue. Former CMO, forever curious, and mildly obsessed with feedback loops, she builds high-performing GTM engines fueled by AI, storytelling, and zero patience for fluff. If it drives growth, she’s already testing it.