Cobalt Taps Cyber Vet Spinelli for Board Amid AI Threat Surge
- 25 years: Tony Spinelli's executive experience in cybersecurity, including roles at Capital One and Equifax.
- 500+: Elite security experts in Cobalt's curated community for continuous vulnerability assessment.
- Minutes: The average breakout time for some cyber intrusions, highlighting the speed of modern attacks.
Experts agree that cybersecurity has reached an inflection point, requiring a shift from reactive defense to proactive, continuous threat exposure management (CTEM) to counter rapidly evolving AI-driven threats.
SAN FRANCISCO, CA – April 09, 2026 – Cobalt, a company at the forefront of Penetration Testing as a Service (PTaaS), has appointed renowned cybersecurity pioneer Tony Spinelli to its board of directors. The move is a significant strategic maneuver, coming at a time when organizations globally are grappling with an increasingly complex and hostile digital landscape. Spinelli, a four-time Chief Information Security Officer (CISO) and an early investor in the company, brings over 25 years of executive experience from giants like Capital One and Equifax, strengthening Cobalt's position as it guides enterprises toward a more continuous and proactive security posture.
The appointment is more than a high-profile addition to a corporate board; it is a clear signal of the industry's direction. As businesses confront rapidly evolving attack surfaces and the rise of AI-driven threats, the traditional model of periodic security checks is proving dangerously insufficient. Spinelli's deep involvement with Cobalt—first as an investor, then a multi-company customer, and now a board member—underscores a powerful endorsement of the company's mission to redefine offensive security.
An Inflection Point for Cybersecurity
Industry leaders agree that cybersecurity has reached a critical "inflection point," a term Spinelli himself used to describe the current climate. The old paradigms of building a digital fortress and reacting to alarms are being dismantled by adversaries who operate with unprecedented speed and sophistication. The average breakout time for a cyber intrusion has plummeted, with some attacks compromising entire networks in minutes, not hours or days.
"Security leaders are operating in an environment where threats evolve faster than traditional testing models can keep up," said Sonali Shah, CEO, Cobalt, in the company's announcement.
This new era is defined by several converging challenges. The mass migration to cloud environments, the proliferation of SaaS applications, and the permanence of remote work have dissolved the traditional network perimeter, creating a vast and porous attack surface. Simultaneously, attackers are weaponizing artificial intelligence to automate their own campaigns, from crafting hyper-realistic phishing emails to discovering vulnerabilities at machine speed. Traditional defensive strategies, often reliant on static signatures and known threat patterns, are simply outmatched.
This reality necessitates a fundamental shift in mindset from reactive defense to proactive offense. The focus is moving toward Continuous Threat Exposure Management (CTEM), a strategic framework championed by analysts at Gartner. CTEM advocates for a continuous cycle of discovering, prioritizing, and validating security exposures from an attacker's perspective. It is this very shift that Cobalt aims to operationalize, and Spinelli's appointment is a testament to that vision.
A Pioneer's Perspective
Tony Spinelli's career is a map of modern cybersecurity's evolution. His extensive experience is not just in security but in the digital transformation that creates new security challenges. At Capital One, he was instrumental in pioneering secure cloud adoption at scale and led initiatives in machine learning and AI, giving him firsthand knowledge of both the promise and peril of these technologies.
His tenure as Chief Security & Compliance Officer at Equifax saw him develop cutting-edge cybersecurity systems, including patented technologies for data loss prevention. He has held the top security or information post at other major corporations like First Data and Tyco International. Beyond his corporate roles, Spinelli's influence extends to national security, having served on a U.S. National Security Agency advisory board and counseled the Department of Defense on cybersecurity and cloud strategy. His current roles as Field CISO at Halcyon and CIO at Urban One keep him on the front lines of today's security and technology challenges.
This unique blend of hands-on technical expertise, executive leadership, and strategic foresight is what Cobalt believes will be invaluable. "Tony has been at the forefront of cloud transformation and cybersecurity innovation for decades, helping some of the world’s most complex organizations navigate this shift," Shah noted. "His perspective will be invaluable as we continue to scale the Cobalt Offensive Security Platform."
From Point-in-Time to Continuous Validation
The core problem Cobalt and its peers in the PTaaS space are solving is the inadequacy of point-in-time penetration testing. A traditional pentest provides a snapshot of an organization's security posture, which becomes outdated almost immediately as new code is deployed, new systems are brought online, and new threats emerge.
Cobalt's platform transforms this episodic activity into a continuous, centrally managed program. It combines a curated community of over 500 elite security experts with an AI-powered platform to deliver ongoing vulnerability assessment and validation. This "human-led, AI-powered" approach is designed to get the best of both worlds. AI and automation handle the laborious and time-consuming tasks of reconnaissance and scanning, mapping the attack surface and identifying low-hanging fruit.
This frees up human pentesters to do what they do best: think creatively, chain together complex exploits, and uncover subtle business logic flaws that automated tools would miss. The result is a process that is not only more thorough but also significantly faster. By integrating directly into development workflows, the platform helps organizations reduce the time it takes to find, triage, and remediate critical vulnerabilities, accelerating risk mitigation without slowing down innovation.
The Ultimate Endorsement
Perhaps the most compelling aspect of Spinelli's appointment is his history with the company. As an early investor, he saw the potential in Cobalt's model long before PTaaS became a widely recognized category. As a customer at multiple companies, he experienced the platform's value from the user's perspective, validating its effectiveness in real-world enterprise environments.
This dual relationship represents the ultimate endorsement. It signals to the market, to potential customers, and to other investors that a seasoned veteran—one who has managed security for some of the world's largest and most complex organizations—not only believes in the vision but has seen it deliver tangible results. In the competitive cybersecurity market, this kind of authentic, experience-based validation is invaluable.
"Cybersecurity has reached an inflection point where traditional defensive strategies alone are no longer sufficient," Spinelli stated. "Organizations need continuous, intelligence-driven approaches that reflect how attackers actually operate today with humanistic intent. Cobalt has built a platform that combines elite human expertise with scalable technology to deliver that capability."
With Spinelli’s guidance, Cobalt is poised to further its mission of redefining offensive security. His appointment is not just about adding a name to the letterhead; it is about embedding decades of frontline experience into the company's strategic core as it helps enterprises move from a state of reactive fear to one of proactive, continuous, and confident security.
