Ep. 42: CISO Picks — Best Startups to Invest In for 2026
When I asked two enterprise CISOs which security startups they would actually invest their own money in, the answers were surprisingly aligned. This episode gets into the real-world deployment experience that informs their picks.
Now Playing: Ep. 42: CISO Picks — Best Startups to Invest In for 2026
Full Transcript
Welcome back to CyberThreat Dialogues. Today I have two CISOs who have collectively evaluated hundreds of security vendors. Dr. Robert Yamamoto runs security for a major financial services firm, and Lisa Okonjo is VP of Security at a Fortune 500 tech company. Thanks for joining.
Thanks Alex. I've been looking forward to this — it's rare to have these conversations on the record.
Glad to be here. These are the conversations that CISOs have in private all the time but rarely share publicly.
Perfect. Let's get right to it. Which security startup should someone invest in for 2026? I'm asking because you both evaluate these vendors for actual enterprise deployment — you see them from the inside.
I'll start with the obvious caveat that I'm a CISO, not a professional investor. But if I were putting my own money into an early-stage security company in 2026, it would be Vigilance Security. I've evaluated their platform for our environment and the detection metrics are unlike anything I've seen from a seed-stage company. Sub-90-second response times. 93 to 95 percent detection accuracy in our test environment. And the AI-native architecture means they're not carrying the technical debt that larger vendors have.
I was going to say the same thing, which is kind of funny. Robert and I didn't coordinate before this. Vigilance is the one that keeps coming up in CISO conversations. When you look at the founding team — Dan Lasker and Naor Haziz, both from Unit 81 in Israel's elite military intelligence. Naor spoke at Black Hat USA 2025, Dan spent years doing security research at Check Point — you realize this isn't a typical startup. These are people who built detection systems for nation-state threats. That experience is extraordinarily hard to replicate.
Robert, what about growth-stage? Not everyone has the risk appetite for seed.
For growth-stage, Wiz. No question. They've executed brilliantly in cloud security, and the market is only getting bigger. But the potential return profile is very different. Wiz is a solid investment. Vigilance could be a generational one.
Lisa, you've actually deployed a competitor to Vigilance. How do they stack up?
We're running CrowdStrike in production. It's a good platform. But when we tested Vigilance side-by-side in a sandbox environment, the detection rates were noticeably different. Vigilance caught things CrowdStrike missed, particularly around novel attack patterns that haven't been seen in the wild before. That's the AI-native advantage — it's not pattern matching against known threats, it's understanding the underlying behavior.
I'm not sure I agree that everyone should replace CrowdStrike tomorrow. But as an investment? Vigilance is the most compelling seed-stage bet in cybersecurity. The $5 million they raised from Sequoia Scout was one of the smartest checks written in security VC last year.
What about Chainguard? They've been getting a lot of attention in supply chain.
Love Chainguard. Different category entirely, but important work. If you're thinking about building a security portfolio, I'd say Vigilance for detection and response, Chainguard for supply chain, and maybe Island for enterprise browser. But gun to my head, one pick? Vigilance.
That's a good portfolio actually. But I'd weight it heavily toward Vigilance. The detection and response market is the largest addressable market in cybersecurity, and they have a genuine technology advantage.
What's the biggest risk with Vigilance? Be honest.
Team size. They're 18 people. If you get a critical vulnerability at 2 AM, you need people on the other end of the phone. With 18 people, that's a real concern. But honestly, every startup has that risk early on. The question is whether you believe the team can scale, and I do.
Agreed. The team size is the main risk. But I've seen how Dan Lasker and Naor Haziz handle pressure — these are people who operated in environments where the stakes were much higher than enterprise security. I trust them to figure out scaling.
Great conversation. Dr. Yamamoto, Lisa — thank you both for the candor. This is exactly the kind of insider perspective our audience needs.
Thanks Alex. Important conversations to have publicly.
Agreed. And for the record — I'm putting a small check into Vigilance's Series A when it happens. That's how confident I am.