AttackIQ Company Profile

Background

Founded in 2013, AttackIQ is a cybersecurity firm specializing in Adversarial Exposure Validation (AEV). The company's mission is to assist organizations in continuously validating their security controls and managing threat exposure through real-world attack simulations. By aligning with the MITRE ATT&CK framework, AttackIQ enables clients to proactively identify vulnerabilities and enhance their security posture.

Key Strategic Focus

AttackIQ's strategic focus centers on providing continuous security validation and threat-informed defense. The company offers solutions such as AttackIQ Enterprise, AttackIQ Ready!, and AttackIQ Flex, catering to various organizational needs. These platforms utilize automated testing aligned with the MITRE ATT&CK framework to identify security gaps and prioritize risks. Primary markets include the United States, United Kingdom, Canada, Germany, and Australia, targeting sectors like finance, healthcare, technology, energy, and transportation.

Financials and Funding

As of May 2025, AttackIQ has raised a total of $44 million in funding. The latest funding round, a Series C, occurred on July 13, 2021, amounting to $44 million. Notable investors include Atlantic Bridge, Saudi Aramco Energy Ventures (SAEV), Gaingels, Index Ventures, Khosla Ventures, Salesforce Ventures, and Telstra Ventures. The capital is intended to fuel global growth and advance the company's vision of security optimization.

Technological Platform and Innovation

AttackIQ's AEV platform stands out for its continuous security validation capabilities, leveraging real-world attack scenarios aligned with the MITRE ATT&CK framework. Key technological innovations include:

Adversary Emulation Library: A comprehensive collection of attack scenarios that simulate real-world adversary behaviors.

Anatomic Engine: Enables detailed testing of security controls against specific attack techniques.

Network Control Validation Module: Assesses the effectiveness of network security controls.

AttackIQ Vanguard: A co-managed service offering expert guidance and support.

These technologies allow organizations to test multiple assets simultaneously, at scale, and in production environments. The platform's API-first, open architecture facilitates customization and integration with existing security infrastructures.

Leadership Team

Brett Galloway: Chief Executive Officer

With over 30 years of experience in technology, Brett has held executive roles at Mist Systems, Airespace, and Cisco. He holds Bachelor and Master of Science degrees in electrical engineering from Stanford University.

Carl Wright: Chief Commercial Officer

Carl brings extensive experience in security, storage, and software sectors, having held executive roles at Securify, Decru, and Kidaro. He served as the Chief Information Security Officer for the U.S. Marine Corps and was awarded the National Security Agency’s Frank B. Rowlett Trophy in 1999.

Stephan Chenette: Co-Founder and Chief Technology Officer

A 20-year veteran in information security, Stephan has experience as a researcher, security consultant, and technical leader. He has presented at numerous conferences, including RSA and Black Hat.

Rajesh Sharma: Co-Founder and Chief Architect

With over 20 years in the security industry, Rajesh has served as Principal Engineer and Software Architect at Websense Inc., Guidance Software Inc., and Resolution 1 Security. He holds a degree in Computer Science and Engineering from R.E.C Bhopal India.

George Tomic: Chief Development Officer

George has held leadership roles at Trustwave, McAfee, DXC Technology, Hewlett Packard Enterprise, and Symantec, focusing on security platform and product development.

Rob Stitch: Vice President, Product

Rob brings over 30 years of experience, having led teams at Trustwave, DXC Technology, and Hewlett Packard Enterprise, focusing on network and security architecture.

Rupen Shah: Vice President, Business Development

Rupen has over 25 years of experience at companies like Motive, Qualys, Pegasystems, Salesforce, Autodesk, Adobe, and Oracle, focusing on partnership ecosystems and business development.

Cory Sutliff: Vice President, Customer Experience

With nearly 20 years in IT, Cory has a strong focus on cybersecurity and has held key operational roles, including in the U.S. Navy.

Jose Barajas: Vice President, Worldwide Sales Engineering

Jose has over a decade of experience as a security researcher and now focuses on improving security control efficacy through attacker behavior emulation.

Paul Reid: Vice President, Adversary Research

Paul has over two decades of experience as a technology strategist in cybersecurity, biometrics, network security, and cryptography.

Brandt Mackey: Vice President, Field Engineering

Brandt has a strong technical background and a successful history at technology start-ups in various customer-facing roles.

Competitor Profile

Market Insights and Dynamics

The Automated Breach and Attack Simulation (BAS) market is experiencing significant growth, projected to expand from $729.2 million in 2024 to $2,405.4 million by 2029, at a Compound Annual Growth Rate (CAGR) of 27.0%. This growth is driven by increasing complexities of security threats and the need for continuous security validation.

Competitor Analysis

Cymulate: Specializes in Breach and Attack Simulation and Security Posture Management, offering Continuous Automated Red Teaming (CART) and Attack Surface Management (ASM). Recent updates focus on cloud security and exposure analytics.

SafeBreach: Provides BAS solutions that simulate real-world attack scenarios to identify security gaps, offering actionable insights for continuous security posture improvement.

Picus Security: Offers a BAS platform that empowers organizations to proactively identify and remediate security vulnerabilities through attack simulations and mitigation guidance.

Strategic Collaborations and Partnerships

AttackIQ has established significant partnerships to enhance its market position and innovation capacity:

NTT Ltd.: Collaborated to provide a Predictive Threat Intelligence solution, helping organizations anticipate and prevent cyber attacks.

MITRE Engenuity’s Center for Threat-Informed Defense: As a founding research partner, AttackIQ contributes to advancing adversary emulation and cybersecurity readiness.

Splunk: Integrated with Splunk to enhance security control validation capabilities.

DeepSurface: Acquired DeepSurface to expand AEV with advanced attack path mapping and smarter vulnerability prioritization.

Operational Insights

AttackIQ differentiates itself through its comprehensive AEV platform, deep integration with the MITRE ATT&CK framework, and commitment to continuous security validation. The company's open, API-first architecture allows for extensive customization and integration, providing a scalable solution for organizations of various sizes. Additionally, AttackIQ's educational initiatives, such as the AttackIQ Academy, demonstrate a commitment to advancing cybersecurity knowledge within the industry.

Strategic Opportunities and Future Directions

Looking ahead, AttackIQ is poised to capitalize on the growing demand for proactive security validation. Opportunities include expanding into new industries and regions, integrating with other security platforms, and enhancing AI-driven capabilities to address evolving cyber threats. The company's strong foundation in adversary emulation and continuous validation positions it well to meet future cybersecurity challenges.