Semgrep
GitHub
Snyk
Endor Labs
AWS
David brings 20+ years of IT and cybersecurity sales experience to his role at StackHawk. Learn what brought him here.
Why Runtime Application Security?
Throughout my career in IT and cybersecurity, I’ve had a front-row seat to major platform shifts: cloud migration, DevOps, container adoption. Each one reshaped how software gets built and eventually secured. What’s happening with AI-assisted development is, without a doubt, the most dramatic yet, with higher stakes for application security than ever.
Organizations are reporting an eightfold increase in code output through AI coding assistants. That’s not theoretical. It’s happening inside every engineering org right now (87% according to our recent survey!). And it has a longer tail impact than the market is paying attention to. The jury might be out as to how secure vs. vulnerable AI-generated code is. But what’s not up in the air: more code means more attack surface, more endpoints, and more to test. When security validation doesn’t scale at the same rate, the gap compounds fast.
And yet, AppSec tools are moving in the wrong direction, trading precision for promises with black-box approaches that can’t tell you what’s covered and what isn’t. Budgets are flat. Teams are stretched. And the CISOs I talk to aren’t asking for more tools. They’re asking three questions: Can you show me what we have? Can you prove it’s tested? Can you prove we’re reducing risk? Answering those takes dynamic testing that is API-first, pipeline-native, and defined as code. Not promises. Proof.
Why StackHawk?
AI has reset the software lifecycle. Every day is effectively Day 0. You either maintain perpetual visibility and continuously test what’s exploitable, or you try to find the needle in the haystack and end up finding it in production.
What drew me to StackHawk is that the approach maps to how modern AppSec actually needs to work: shift-left DAST that runs natively in CI/CD and finds real, exploitable vulnerabilities before production. That is the only way to keep up with the pace of AI. On top of that, the product this talented team has built is solving real problems for real customers. Attack surface discovery from source code, so you know what exists before production. Centralized program intelligence so leaders can prove what’s working and where risk lives.
Most tools are built for one audience. Developer tools that security teams tolerate. Security tools that developers ignore. StackHawk serves the full triangle of influence: practitioners, AppSec leaders, and CISOs.
I’m proud to be joining this team, and I’m looking forward to helping organizations understand their real attack surface, demonstrate actual risk reduction, and move as confidently as the AI-powered development teams they protect.
About David
David brings 20+ years in cloud-native and cybersecurity sales leadership to StackHawk. Most recently, he served as SVP of Sales at Uptycs, a cloud-native security analytics company. Before that, he held leadership roles at Rapid7 and DivvyCloud (acquired by Rapid7), where he led cloud security go-to-market efforts. Earlier in his career, David co-founded New Signature, a Microsoft cloud services provider later acquired by Cognizant, where he served as President and CRO and helped drive 12 consecutive years of double-digit revenue growth.
David has been recognized as a Washington Business Journal Minority Business Leader, a CRN 30 in Their 30s honoree, and a Washington Business Journal Corporate Philanthropy Award recipient for his work at New Signature.
