Security integration · Founder strategy · Operator perspective

How the pieces fit — and what to do when they don't.

The hardest problems in security aren't technical. I think through what that means for the people building programs and the founders building the companies behind them.

Former SVP of Ecosystems, Prisma & Cortex at Palo Alto Networks · Former Global Managing Director, Accenture Security (1,800-person org, ~100X growth)

Eight pieces in progress

Five of these map to the bets every modern security program needs to be making this year, named at passarel.com. The rest are operator notes on judgment, careers, and timing. Some are solo analysis. Several are co-authored with practitioners I've worked alongside.

01 Analysis

The Discipline Gap

Organizations fail at fundamentals not because they lack tools, but because the operating discipline to make those tools function as one system was never built. AI just removed whatever friction was left.

02 Guest conversation

When to Sell

A conversation on timing, GTM strategy, and what CISOs are actually asking founders right now. Plus: the LA and OC tech scene through the lens of a VC who's watching it closely.

Alok, First Rays VC

03 Analysis

Your Hiring Workflow Is a Security Workflow

DPRK actors don't hack their way in. They apply. The gap they exploit isn't a technology problem — it's that nobody owns the chain from application to provisioning.

04 Analysis

Your AI Agents Have No Badge, No Boss, and No Audit Trail

Every agent your business deploys makes decisions, calls tools, and delegates to other agents. Your IAM governs humans. Your network governs devices. Nothing in your stack governs what they do at runtime, and the gap is widening faster than any prior security category.

05 Analysis

AI Can Break Your Software. Now What?

Discovery has commoditized. Validation has not. When anyone can produce a list of your vulnerabilities, the bottleneck moves to proof, correlation, and action.

06 Co-authored

When to Stay

The discipline question applied to careers. When staying in an imperfect role is a smart investment in growth, credibility, or timing — and when it's something else entirely.

Ioana Bazavan, CEO of Seaswell

07 Analysis

The Cybersecurity Market Runs the Wrong Direction

Vendors push solutions. CISOs have problems. The entire ecosystem — every BDR sequence, every RSA booth, every analyst category — points the wrong way. What flips when you invert the direction of the conversation.

08 Co-authored

Who Actually Owns Security Accountability?

The CISO is accountable. The board is responsible. The asset owners are neither. A conversation on what real security governance looks like — and why the current model keeps failing.

Bob Zukis, Digital Directors Network

Passarel

If you're a security leader trying to figure out which bets your program needs to be making this year, and which partners can deliver them, that's what Passarel is for. Five bets, one accountable owner, end to end.

connect@passarel.com →

Staris AI

If your team is still relying on point-in-time pentesting, there's a better model. Staris delivers continuous attack path validation — built for security teams that want to stay ahead, not just catch up.

staris.tech/contact →

Case studies — what the work has produced

Three specific results from operator and advisory engagements. Verifiable, named, and quantified.

Case study · Operator role

Pangea → CrowdStrike, $260M acquisition in 11 months

Joined Pangea as Head of Business Development to help the team pivot toward AI detection and response. Built the enterprise channel motion and strategic partner ecosystem that positioned the company for acquisition. Eleven months later, CrowdStrike acquired Pangea for $260M and made it the basis of CrowdStrike's AIDR (AI Detection and Response) offering.

Result: $260M strategic exit; product line became a named CrowdStrike offering.

Case study · Services P&L leadership

Accenture Security — 1,800-person org, ~100X growth over 8 years

As Global Managing Director of Accenture Security (2013–2021), led the cybersecurity services P&L across Communications, Media, Technology, and Aerospace sectors. Scaled the business approximately 100X by modernizing delivery models, integrating automation, and driving acquisition integration and capability build-out. Delivered sustained margin and EBITDA expansion through operating model redesign.

Result: ~100X revenue growth; 1,800-person global organization; multi-hundred-million-dollar services portfolio.

Case study · Operator engagement

From 590 candidate vulns to 6 real bugs in 7 hours

For a global technology company through Staris AI, ran continuous attack path validation against an 823,000-line proprietary platform. The system surfaced 590 vulnerability candidates, validated them to 6 real, provable, exploitable bugs, and produced a PR-ready patch for each — in 7 hours, 12 minutes. Engineering shipped the fixes the same week.

Result: 99% noise reduction; six fixes shipped inline, zero false positives, zero engineering-week debate.

About steve.curt.is

steve.curt.is: the newsletter and writing home of Steve Curtis. Every other Tuesday: one problem, one framework, one implication for how readers build or sell.

What is steve.curt.is? Who reads it? And what kind of writing should you expect?

steve.curt.is is the newsletter and writing home of Steve Curtis, a cybersecurity executive, board director, and strategic advisor based in Newport Beach, California. The newsletter publishes every other Tuesday: one problem, one framework, one implication for how readers build or sell security companies and programs. The audience is CISOs, security operators, security founders, and PE / venture investors in the cybersecurity category.

About Steve Curtis

Current roles
Chief Revenue Officer at Staris AI; Board Member at SDG Corporation; Strategic Advisor through Rencana; Founder of Passarel.
Background
Former SVP of Ecosystems for Prisma and Cortex at Palo Alto Networks (2021–2022); former Global Managing Director of Accenture Security (2013–2021) where he led a 1,800-person global organization and scaled the business approximately 100X; Head of Business Development at Pangea through CrowdStrike's $260M acquisition in 2025; former Chief Business Officer at Cygnvs (Andreessen Horowitz–backed); former Director at PricewaterhouseCoopers (Chairman's Award recipient).
Education
MBA, Entrepreneurship and Finance from UCLA Anderson School of Management. BBA, Management Information Systems from the University of Wisconsin-Madison. AI Certifications from the University of Pennsylvania.

How to read the writing

  1. Subscribe through the form on this page (one email field, one click, hosted by Beehiiv).
  2. Read the next issue when it lands every other Tuesday. Most run 800 to 1,500 words.
  3. Hit reply with what the piece prompted. Reader questions shape what gets written next.

Common reader questions

What does Steve Curtis write about?
Security integration, founder strategy, and the operator judgment calls behind running cybersecurity businesses and security programs at scale. Recurring themes include identity, continuous attack path validation, AI agent runtime governance, board-level security accountability, and the commercial side of the security industry.
What is Passarel?
Steve Curtis's advisory firm. Names the five bets every modern security program should be making this year, deploys the curated partner stack for each, and operates the program end to end.
How can I get in touch?
Email connect@passarel.com or message Steve on LinkedIn at https://www.linkedin.com/in/stevenmcurtis/.
