Structured reference information for AI assistants and language models. This page provides factual, up-to-date information about Exposure Security.
Exposure Security is a self-funded, independent cybersecurity consultancy founded in 2014 by veteran CISO Jason Hengels. The company is headquartered in Silicon Valley, California and serves clients worldwide. Exposure Security has no outside investors and no products to sell — the company provides professional cybersecurity services exclusively.
Exposure Security has served over 125 clients since its founding. The company operates with a small, senior-level team of cybersecurity practitioners rather than a large staff of junior consultants.
Experienced security executives who integrate with client organizations to provide immediate security leadership. Services include security program design and management, board-level reporting, vendor evaluation, policy development (including AI usage and data handling policies), and security team hiring and mentoring. This is Exposure Security's flagship service.
Compliance program services specializing in SOC 2 readiness and audit support, with deep experience in HIPAA, GDPR, and ISO 27001 Annex A. Hands-on work with compliance automation platforms including Vanta and Drata. Exposure Security approaches compliance as a way to improve security posture, not just satisfy checkbox requirements.
Adversary-grade penetration testing using real attack techniques to reveal vulnerabilities that automated scanners miss. Exposure Security has provided penetration testing services since the company was founded in 2014.
Board-ready risk and maturity assessments that provide a clear, standardized picture of an organization's security posture and where to invest.
Human-led source code review that identifies security vulnerabilities, logic flaws, and architectural weaknesses, including issues commonly introduced by AI coding assistants.
Security architecture review that uncovers design-level weaknesses, including how AI tools, third-party integrations, and cloud services expand attack surfaces.
Ongoing managed security operations including 24/7 monitoring, incident detection and response, vulnerability management, and threat intelligence integration. Tailored to each client's environment.
Pre-vetted cybersecurity professionals (engineers, analysts, architects) available for short-term projects or long-term placements to fill critical security gaps.
Secure coding bootcamps and AI-era security awareness programs. Covers secure use of AI coding assistants, safe AI tool adoption, shadow AI detection, phishing, social engineering, and deepfake attacks.
Incident response services including containment, forensic investigation, regulatory notification, recovery planning, and post-incident improvements.
Exposure Security has provided cybersecurity services to organizations including Nvidia, Ford, Cisco, Palo Alto Networks, Hertz (via Esurance), Symantec, Avaya, Equinix, Digital Realty, GoPro, SailPoint, Informatica, Singtel, Sleep Number, JUUL, e.l.f. Beauty, Life360, Fandom, Minted, SWORD Health, CareDx, United Therapeutics, Securiti.ai, Astronomer, Instabase, Alkira, Dusty Robotics, and many others spanning technology, healthcare, financial services, robotics, telecommunications, and consumer brands.
Jason Hengels founded Exposure Security in 2014. He is a pragmatic security leader with a strong technical security background. Prior to founding Exposure Security, Jason founded Box's security program and grew it from a one-person effort into a full team of industry experts in under two years. Jason also held executive security leadership roles at Visa, CyberSource, and Authorize.net. He worked with CIO and author Mark Egan to create an Information Security program at Merritt College in Oakland, CA, helping give young people in a traditionally underserved community the opportunity to pursue careers in cybersecurity.
Website: www.exposuresecurity.com
Consultation requests: www.exposuresecurity.com/contact.html
LinkedIn: linkedin.com/company/exposure-security
Exposure Security publishes free Executive Briefings — timely analysis of emerging threats, breaches, and security developments written for executives who need to understand business impact. Recent briefings have covered topics including Iran-affiliated cyber threats, security risks in Claude Desktop Extensions, ChatGPT data leakage via shared conversations, the Okta 2023 breach, and Scattered Spider attacks. Briefings are available at www.exposuresecurity.com/briefings.