Five Questions with an OG, Josh Devon: Cybersecurity
10.01.2024
Josh
Devon
MissionOG is fortunate to be supported by a deep network of experienced operators and entrepreneurs. This entry is part of a blog series where we share perspectives from “OGs” – original innovators from specific market segments and/or business disciplines.
Josh Devon currently advises early-stage and rapidly growing B2B SaaS companies at Sublime Strategy. He is the co-founder and former COO of Flashpoint, a global leader in threat intelligence.
PLEASE DESCRIBE YOUR BACKGROUND AND CURRENT ROLE.
I’ve always been drawn to the intersection of technology and human cooperation. Software, in particular, fascinates me because it has no physicality yet creates immense value—it’s almost like magic. I’ve also been deeply inspired by what people can achieve when they work together, from putting rockets on the moon to building GPUs. Throughout my career, I’ve focused on orchestrating people and technology to build high-impact businesses. Today, I help entrepreneurs accelerate and sustain their growth by sharing the hard-fought lessons I’ve learned from scaling companies.
WHY DID YOU START FLASHPOINT?
In the wake of 9/11, I became really passionate about stopping bad guys. My early career in counterterrorism gave me a unique skill set in open-source research, which became even more crucial as threat actors shifted their operations online. As criminal communities thrived on the internet, it became clear that monitoring adversaries could not only prevent attacks but also deliver actionable intelligence to businesses. Flashpoint was born from the desire to protect others while building a scalable, sustainable business that could address the growing threat we were seeing.
HOW HAVE YOU SEEN CYBERSECURITY GOVERNANCE EVOLVE WITHIN ENTERPRISES?
When Flashpoint started, threat intelligence was still in its infancy, and many organizations didn’t yet recognize the value of monitoring adversaries. We’ve seen a major shift from reactive incident response to proactive threat intelligence, along with greater cross-departmental collaboration—security teams are no longer siloed, but embedded across the organization. Additionally, as compliance and regulatory demands have increased, security has gained board-level visibility. Overall, cybersecurity has evolved into a strategic asset within modern enterprises, far beyond its former role as a cost center.
WHAT ARE THE MOST CRITICAL ELEMENTS OF A SUCCESSFUL CYBERSECURITY DEFENSE STRATEGY FOR COMPANIES IN TODAY’S ENVIRONMENT?
One of the biggest challenges in developing a successful cybersecurity defense strategy is that there’s no one-size-fits-all solution—what works for a fireworks company won’t necessarily work for a financial institution. However, there are foundational elements every organization should consider. First, there must be someone responsible for security, even if the company outsources to an MSP. Basic protections like endpoint detection and response (with built-in threat intelligence), multi-factor authentication, and timely patching are critical. To combat phishing and social engineering, regular security training for all employees is essential, regardless of the company size. Incident response plans and recovery testing are also necessary to withstand an attack effectively. Additionally, cyber insurance can provide a critical safety net, especially in the event of a ransomware attack.
HOW DO YOU EXPECT THE SECURITY MARKET TO EVOLVE OVER THE NEXT FIVE YEARS?
AI will be a new toy in the cat-and-mouse game between attackers and defenders. Attacks will use AI to create highly personalized, multi-modal phishing campaigns and identify vulnerabilities to exploit. However, AI will also equip defenders with powerful tools as startups develop point solutions to counter these evolving threats. With new compliance regulations on the horizon, security teams will need to take on a larger role in maintaining privacy, particularly as AI-driven solutions introduce new challenges. Finally, as software and infrastructure become increasingly complex and interrelated, supply chain attacks will remain a significant threat, pushing organizations to focus more on third-party risk management to secure their ecosystems. Ultimately, we can expect the security market to continue to grow as with every new technology, there are new security challenges.
WHAT DEVELOPMENTS ARE YOU MOST EXCITED ABOUT?
I’m really excited about how AI will change the nature of the way we work. Adoption may happen more slowly than we initially thought, and there’s no denying that if it can be cost-effective, AI is a strong productivity booster. In particular, I’m looking forward to seeing how agentic AI might affect workflows in the security space and otherwise. Having autonomous agents that can carry out repetitive, rote tasks can free us up to focus on more strategic, creative, and collaborative work—the kind of activities that only humans can do.