This Security Firm's 'Bias' Is Also Its SuperpowerThis Security Firm's 'Bias' Is Also Its Superpower

Teaching students or learning the classics may not be the typical career path for cybersecurity professionals, but the founders of independent security consultancy Credible Security believe a diversity of backgrounds can be a superpower.

"Working together has taught us that the thing that makes the difference between an acceptable and a great approach to security within any organization is not technical knowledge or skill sets or backgrounds," says co-founder Josh Yavor. Qualifications are a given, but more importantly, a security team needs leadership "empowered in the right ways with empathy and effective communication and a bias toward building relationships that are based on trust."

Yavor, along with Kim Burton and Jessica Walters, launched Credible Security at the start of 2025. The company works with business-to-business companies that offer cloud services and software-as-a-service, with a specific focus on underserved teams within organizations. That includes go-to-market teams that have public-facing functions and early-stage companies that are finding their security footing while still forming a growth strategy.

Diversity Leads to Stronger Security Mindset

The founding partners — "We haven't really fought over those titles yet," Yavor jokes — had worked together before at Tessian, Cisco, and Duo Security. When Proofpoint acquired Tessian in 2023, Yavor was CISO, Burton was head of trust and compliance, and Waters was senior security manager. They each had extensive security experience but had taken different paths to get there.

Prior to holding security leadership roles at Cisco Secure, Duo Security, and Facebook, Yavor was a school teacher and owned an IT consulting business. Burton studied literature and classical languages in graduate school. Walters was chief of staff of Cisco's Security Business Group team. All three say their experiences at Duo Security demonstrated the value of bringing together practitioners from different backgrounds. They stayed at Duo through its Cisco acquisition in 2018 and landed in the same team at Cisco. When Yavor joined Tessian in 2021, Burton and Walters "came over to continue the journey."

The team members' varied backgrounds "make it so that when you encounter something that you haven't seen before, everyone is able to actually relate to something that they have, in fact, experienced," Burton says. "When you have a team of people who've come from the same programs, the same location, the same ideas all the time, you actually end up with groupthink. We do not have that problem."

Developing Strategy With a Trusted Partner

Having different perspectives is particularly important when helping customers develop and execute their cloud strategies, according to the trio. Cloud services touch every aspect of people's lives, so B2B enterprises need to prioritize building trust with end users as part of their strategy. In the past 10 to 15 years, enterprises have made strides in thinking about risk and how to manage it, but they haven't mastered the strategy in all areas, Yavor says.

The missing part that Credible Security targets "is having consistent strategy and outcomes in evaluating and delivering trust on both sides of the equation [end users and service providers]," Yavor says. Trust is critical at every juncture of that pipeline; with some proactive security thinking and investment, businesses can boost results.

"We are helping our clients simplify their strategies and align them to their actual business objectives so that they have a much easier and more efficient approach to developing not just minimum viable security for whatever their product is, but actually using it as a competitive advantage as they try to earn their customers' trust and then maintain it through a long-term relationship," Yavor says.

When managing risk, many companies still conflate trust with compliance, "where you're doing checkbox exercises because you have to show up to an auditor and tell them about it. But that's a backward way of thinking about it," Burton says. Compliance is only a way to verify trustworthiness, and trust develops as consultants show that they are working with the same values and goals in mind.

"It's saying: 'Hey, how can you actually design your product and your process so that the customers that you are finding actually understand this deep-felt sense that they know you will do the best by them?'"

'Layered Experiences'

Another advantage Credible Security offers is the ability to tap the team's experience as both buyers of security products and on the developer side of the process.

"All three of us have these layered experiences of both things we've done or built, but then also seeing teams and brands that really showed up in a way that we would want family members to experience," Walters says. The variety of positions they have held — CISO, head of compliance, chief of staff — also give them internal perspective, Yavor adds.

"That's actually one of the most exciting differentiators about our company, that all three of us, we haven't just been in the industry, we have been in the roles that we are seeking to help," he says. "We've actually done the work."