From CISO to Startup Founder: The 1Kosmos Journey
The Early Days: A Security Obsession
I’ve always been a security geek. Back before Information Security was a thing, I was figuring out ways to get into systems or keep people out. This goes all the way back to the days of dial-up modems, bulletin boards, and online services like CompuServe and AOL.
A large portion of my security career was spent building the Information Security program at Lehman Brothers. During that 12-year run, the focus was on perimeter security, endpoint protection, and network monitoring – the first forms of intrusion detection/prevention. We wrote our own tools to do what Splunk and CyberArk do today.
The Convergence Vision
I was not only engrossed in information security but also in physical security. I spent the last few years of my career at Lehman Brothers, before their bankruptcy, managing physical security technology. My vision was to someday position myself as a CISO who would manage both worlds, as there was considerable discussion back then about the unification of those two disciplines.
What I didn’t realize at the time was that the missing piece in my security toolkit wasn’t physical security but a verifiable digital identity. The issue was that it didn’t exist yet. Of course, we had usernames and passwords, which don’t confirm someone’s identity but only offer a guess or hope about who they are. I deployed the company’s first SecureID server with hardware tokens sometime in the late ’90s, adding more layers but not necessarily increasing the certainty of identity. We also had PKI, PGP, and other acronyms.
The Pivot to Startups
My aspirations of becoming a leader in physical and information security shifted after Lehman’s bankruptcy, prompting me to explore the venture-backed startup world. I partnered with Chris Rouland (former ISS, EndGame, Bastille, Phosphorous) on a journey at Bastille Networks. After Bastille’s successful launch and securing a total of $100 million in VC funding, I saw an opportunity to begin the process of founding 1Kosmos. While raising VC money isn’t a guarantee of ultimate success, it indicates a certain level of traction and confidence in our value proposition.
The Genesis Moment – 1Kosmos
But I’m here today to talk about digital identity and the genesis of 1Kosmos, and what led us down the path of creating the world’s first unified digital identity platform. For starters, there is the name: 1Kosmos. Kosmos means “universe” in Greek. I partnered with the
serial entrepreneur Hemen Vimadalal (Vaau, Simeio, Brinqa, Securonix, Saviynt, etc.) to launch the company. The idea we were kicking around was that someday you would own your own identity and be able to use it anywhere on the internet (or in the Cosmos!). Imagine a digital wallet that doesn’t just hold your credit cards, but your key identity information.
After early traction, we partnered with ForgePoint Capital for a Series A, and again with ForgePoint and now Oquirrh Ventures in our recent $57 million Series B.
I got really excited about identity when we first started 1Kosmos. Our CTO and fellow co-founder, Rohan Pinto, showed me how decentralized identity could be a real game-changer back in 2018.
I quickly realized, after only a few months of trying to tell this story, that the world wasn’t ready for this approach because of the classic chicken-and-egg problem with digital wallets: you need widespread adoption for it to be useful, but you also need it to be helpful to get widespread adoption. Without a major platform provider like Google, Apple, or perhaps a government player pushing it into the market, you won’t see broad-scale adoption from or for individual users.
The Strategic Pivot
So, we pivoted. The core principles of the product and decentralized identity stayed the same, but our go-to-market strategy changed. We became the first to combine verified digital identity with phishing-resistant, passwordless access, using the same proof that defines a digital wallet. When paired with biometrics, it provides a great user experience and significantly boosts security.
We didn’t realize at the time that this would become a key aspect of zero trust: knowing exactly who is accessing the data or service.
The Power of Decentralized Architecture
Because we are built on a decentralized identity model (and still operate on it), the user always controls their own identity and authentication. This allows us to offer employers, businesses, and governments a much better way to verify and demonstrate their users’ identities.
Market Validation and Evolution
As I refined the story in the early days of the company, I tested the solution with my friends in the industry, who are now CISOs of Fortune 100 companies. In those early days, it wasn’t
a top priority because there was so much else to focus on, with everyone concentrating on cloud and other hot topics of the moment.
But one thing they all agreed on was that passwords had to be eliminated. The methods to accomplish this would evolve over the years, but the core principles remained the same. They also agreed that verifying a user’s identity was vital for key access points into their organizations, such as calls to the service desk and confirming the identity of new hires.
The Perfect Storm
When the Scattered Spider attacks began, we were well positioned to capitalize on the increased focus on digital identity. Our competitors in the industry were only concentrating on passwordless solutions without verified identities, leaving them with ineffective, patchwork solutions. The surge in security incidents and breaches motivated us to go to market and test the waters for a Series B raise. This belief was shared by our entire team.
Betting on Our Vision: The Series B
When we secured our $57 million Series B funding, my leadership team and I invested a substantial portion of our own personal wealth. As I mentioned at the time, “We’re not just confident in our pitch deck and customer base. We’re betting our personal wealth on our vision.”
We are addressing the core flaw in traditional identity and access management. By linking biometrics to a verified identity, we are re-confirming a user’s identity at every login, not just verifying a credential. We are truly transforming authentication from being about “something you have” to “who you are.”
The AI Challenge and Opportunity
As we look ahead, the threat landscape continues to evolve. The next major challenge for every CISO is how AI will change business operations, attacks, and defenses. We’re observing AI being weaponized, but also leveraged for defensive opportunities.
Once again, we were lucky to be in the right place at the right time regarding how we verify human identities. We’ve been using deepfake mitigation tools for years and continuously improving them. Once again, we are years ahead of our competitors, and this will be our key to winning the AI arms race. I am confident in our ability to deliver this high level of assurance, which will be our main differentiator between leading and lagging identity platforms.
Coming Full Circle: The Decentralized Future
But returning to what Rohan showed me in 2018 with decentralized identity and verifiable credentials: I see this not as a competing technology because it’s been integrated into the platform from the start. Instead, I view it as the ultimate realization of the 1Kosmos vision—getting this form of identity into the hands of every person.
The original idea might have been years too early, but having this capability in the platform will be the fourth “right time at the right place” moment for 1Kosmos.
To recap, our four key timing moments have been:
1. Verified identity
2. Passwordless access
3. Unifying those two principles by linking them to a biometric
4. And now, decentralized identity is coming of age
Reflection
My journey from CISO to company founder has been truly remarkable. I’m very fortunate to be surrounded by great fellow founders, and I couldn’t be more excited about our journey and the path we’re creating for our customers.
