Who We Are
Exposure Security is a self-funded cybersecurity company in the heart of Silicon Valley. We provide security help to some of the world’s top companies. Exposure was founded by veteran CISO Jason Hengels. Exposure’s purpose is to guide you through the tangle of business risks, security vulnerabilities and compliance mandates that get in the way of business. We solve those problems so your business can solve other problems.
Why We Do It
Over the years, we’ve seen too little progress in the security space. In some ways, it feels like regression. Doing the same old things is not working. Vulnerabilities that we saw in the 1980s and 1990s are still a threat today. As security professionals, we feel it’s our duty to help move things forward.
We built Exposure Security around our Virtual CISO™ service. We started providing Virtual CISO™ because we knew too many companies that had lost a CISO or that had under-resourced their security program until something bad happened. We also knew that there weren’t enough talented CISOs to fill all of the open roles. Our model allows us to provide immediate help to multiple clients at once. Our goal has always been to help our clients be successful both during and after our Virtual CISO™ work.
We began our VirtualSOC™ managed security service because our clients regularly asked us if we could manage parts of their security program on a permanent basis. We’ve seen where MSSPs have let them down. Both our clients and we believe that we can do it better.
We understand that nobody goes into business for the purpose of being secure or being compliant. Because of that, technical debt is a serious side effect of starting a company. Security is often the area where technical debt goes unaddressed for the longest. Issues are either unknown or tribal knowledge that gets lost in the shuffle. We’ve seen it everywhere. We’ve also seen what happens when organizations don’t address it soon enough. That’s why we’ve been helping our clients proactively find and fix security issues with our RED™ Team penetration testing services since we founded the company. It’s also why we’ve been helping clients implement secure software development processes since Exposure’s inception.
With our staff of Virtual CISOs, we’ve seen what it’s like to live in a world driven by checkbox compliance requirements while real security problems fester. As security professionals first and foremost, we cannot operate that way. We’ve always approached compliance as a way to improve security posture.
The biggest challenges in security are non-technical in nature. Convincing the Board of Directors to allocate resources, making difficult decisions about whether to divert resources from revenue-generating projects and prioritizing security efforts and expenditures are some common examples. The only reliable way to solve these problems is by using a simple, standardized way to determine business risk. If you can describe risk in a way that everyone understands and agrees with, you can get people on the same page and focus efforts. You can take the emotion out of the discussions, avoid the arguments and make progress.
Jason founded Exposure in 2014 in response to growing requests from companies around the San Francisco Bay Area for veteran security leadership. Jason is a pragmatic security leader who comes from a strong technical security background. He founded Box’s security program and grew it from a one-man show into an entire team of industry experts in under two years. Jason also held executive security leadership roles at Visa, CyberSource and Authorize.net. Jason feels compelled to do everything he can to help the industry progress. Over the last two years, Jason has also worked with CIO and author Mark Egan, as well as top-tier cybersecurity veterans, to create an Information Security program at Merritt College in Oakland, CA. Jason regularly teaches classes for the curriculum, which is intended to give young people in a traditionally underserved community the chance to become the security leaders of tomorrow.