Growing up in Bangladesh, Hasan Imam, CEO at Obsidian Security, never pictured himself leading a cybersecurity company in Silicon Valley. “I’ve never had a grand plan for my life,” he says. “It was always about doing my very best in whatever situation I was in.”
That mindset was forged early. When his father passed away at age 11, his middle class family in Bangladesh suddenly went from having adequate resources to surviving on a single income of roughly $100 USD a month. Hasan learned not to dwell on what was out of reach, but to push himself to seize what was in front of him and throw himself into each opportunity.
His big break came with the opportunity to go to a community college in Malaysia, where his family had relocated. It was affordable, and more importantly, offered a path to something bigger at the time – an opportunity to transfer credits to four-year universities. He chose to study computer science because it drew on his love for math with the promise of a stable career. When there was an unexpected option to transfer to a U.S. university, he jumped – landing at the University of Wisconsin-Madison, where he finished his degree in less than three years.
Each move was about maximizing limited resources and pursuing his current ambition. “I didn’t know what came next, but I knew I couldn’t fail,” he says.
Hasan drew on that same resolve when he stepped in as the CEO of Obsidian Security in 2021. The company was at a crossroads: Covid had disrupted its customer pipeline, revenues were under $1 million, and the security market was shifting. But Hasan saw the opportunity – the chance to build a disruptive approach to SaaS security at a time when no other vendor was addressing the problem head-on. What looked like a moment of survival soon became the foundation for Obsidian’s rise into the leading SaaS security platform, built for the new realities of enterprise software and the coming wave of AI-driven work.
Four years later, Obsidian has emerged as the leader in SaaS security for Fortune 1000 and Forbes Global 2000 enterprises worldwide. The company doesn’t just compete with rivals – it wins outright. In customer bake-offs, Obsidian beats some of the biggest and most established security platforms in the world more than 80% of the time. That’s because Obsidian built what others haven’t: a radically different approach to protect the SaaS applications that enterprises have come to depend on.
Yet this is only the beginning.
“What excites me is not what we’ve already accomplished, but what’s still in front of us,” Hasan says. “We’re closing the widening security gap that every organization will face as they adopt SaaS and AI and that’s what makes this opportunity massive.”
Mini-careers, major growth
After graduating from the University of Wisconsin, Hasan found himself on a sequence of unexpected paths – each shaped by timing, necessity, and a willingness to adapt. Each of these “mini-careers,” as he calls them, weren’t detours so much as tests of resilience, broadening his skillset and revealing leadership strengths.
At 22 and armed with his computer science degree, Hasan moved to Silicon Valley. He was eager to work at a hot startup, but the dot-com collapse left few openings. Instead, he took a job as a software engineer working on internal systems at Tandem Systems, one of the Valley’s oldest companies renowned for fault tolerant servers. When the market remained tight, he pivoted to pursue a master’s in computer science at Stanford.
Academia didn’t quell Hasan’s enthusiasm for startups. After Stanford, he launched a digital health company just as the 2008 financial crisis curtailed access to funding. Two lean years later, he made the hard call to fold the business and redirect his energy. That move led him to Zantaz, a financial compliance and e-discovery company. Charged with recovering a struggling $25 million contract with one of the country’s largest banks, Hasan salvaged the account by learning how to break complex problems down into their basic components and come up with answers that combined an understanding of technology, business needs, and people. “That’s when I realized I have an ability to solve complex problems that others can’t and to see solutions others sometimes don’t,” he says.
His next step – DocuSign – was Hasan’s first taste of an early-stage venture backed startup. He helped the company expand into large enterprises and forged strategic partnerships with technology alliances and global systems integrators. After moving from engineering to services to indirectly drive topline growth, he was ready for his boldest move yet: carrying a sales bag.
“It’s generally not a good idea to jump functions mid-career,” he admits. “But I wanted to find out why selling was hard.” As VP of sales at Shape Security, Hasan gained new clarity about customers. “People make sales too complicated,” he says. “At its core, it’s about simply identifying and understanding the customer’s pain and then solving that.”
Under his leadership, Shape soared from under $3 million in revenue to nearly $90 million in less than four years, culminating in a $1 billion acquisition by F5 in 2019.
The Obsidian opportunity: Redefining the battlefield of SaaS security
After Shape’s billion-dollar exit, Hasan had no shortage of options, including many growth-stage companies. Instead, he chose Obsidian Security, then an early-stage startup still finding its footing, because he saw an opportunity with outsized potential.
While most of the security industry fixated on endpoint and network threats, Hasan sensed that the real vulnerabilities were shifting elsewhere: inside SaaS applications like Microsoft 365, Salesforce, Workday and the likes. These platforms had become the lifeblood of modern enterprises, yet the security industry had largely overlooked them. “It was a gamble but all the signals were there,” he says.
Asheem Chandna, a partner at Greylock Partners, says Hasan and he spent considerable time together prior to Hasan’s joining Obsidian – and his respect and admiration for Hasan grew with every interaction. “Hasan is an exceptional customer-centric leader, with a rare combination of strategic product sense coupled with strong GTM understanding. He has a very quiet determination about him, and has the ambition and capability to grow Obsidian into a long-term independent company.”
The early years tested that conviction. Covid had disrupted the sales pipeline and hard decisions had to be made. Hasan cut headcount by 25%. He also knew that he needed to rebuild Obsidian’s product from the ground up. So, he brought in seasoned operators – Xinran Wang, a former Palo Alto Networks and F5 veteran came on as Obsidian’s CTO, and Khanh Tran, a CrowdStrike veteran, as chief product officer. And he reset the company with a sharper focus.
The methodical execution – tough calls, fast pivots, and relentless focus – became the foundation of Obsidian’s momentum. A $90 million Series C fundraising round in 2022 gave Obsidian the fuel to double down on R&D. “The vision for the company was right, but the product wasn’t,” Hasan says. “So, we invested more in product development than anyone else in our category,” he says. The gamble paid off: Obsidian surged from fourth-place challenger to the clear leader in SaaS security.
Hasan credits much of this to the people around him. “Before you can have customer wins, you need to have a great product. To do that, you need the best people,” he says. Hasan also hired Brian Murphy, a sales veteran who helped scale Okta into a global leader, as Obsidian’s chief revenue officer.
The combination of product focus and sales execution began to show results. In late 2023, Forrester named Obsidian as a Strong Performer in its SaaS Security Posture Management Wave – a signal that the company’s approach wasn’t just resonating with customers, but reshaping the category itself.
That validation underscored what Hasan and his team already believed – Obsidian’s rise isn’t just about growth, it’s about relevance. By zeroing in on SaaS, the fastest-growing and most critical layer of the enterprise stack, they carved out a space where traditional security vendors were slow to adapt. That early focus has now become Obsidian’s edge.
While his bets have already taken Obsidian far, Hasan sees the journey as just beginning. “The rise of agentic AI is the next wave and the recent SaaS attacks make that clear,” Hasan says. “It’s why the stakes for SaaS security will matter more than ever.”
Eyes on the horizon
In the past two years, high-profile breaches have shown that SaaS platforms are prime targets. Just recently, the FBI warned of cybercriminal groups UNC6040 and UNC6395 compromising Salesforce environments for data theft and extortion. What was once seen as a peripheral risk has become a board- and government-level priority, forcing enterprises to reckon with the fact that their most critical business systems are exposed.
“Enterprises today are realizing that SaaS is no longer just another layer – it is the business,” Hasan says. “We’ve built our platform with that reality in mind, and it’s why customers see us as the partner that can keep them secure where others can’t.”
Now, the rise of AI agents is amplifying that risk. These autonomous digital workers will log into Salesforce, Workday, Microsoft 365 – not humans. They’ll make changes, run processes, chain tasks, move data around and act on behalf of entire teams. That shift is powerful, but it also opens up new attack surfaces at a scale never seen before. Protecting SaaS activity – what happens inside the app – becomes not just important, but non-negotiable.
“We’ve always seen SaaS as the foundation of modern business,” Hasan says. “With AI agents, the stakes go up dramatically. The systems that run enterprises will be run by software, and securing those interactions will define the next era of cybersecurity.”
For Hasan, this moment is a natural extension of what came before. “We never imagined how SaaS security would become a critical part of the AI agent revolution that’s now in front of us. This is the kind of opportunity you build a generational company around and that’s the journey we’re on,” he says.
