Sign up

What matters to you matters to us! Customize your newsletter–tell us what you're most interested in and we'll handle the rest.

loader image




April 14, 2022

Obsidian Security: Closing the Gaps in SaaS Security


Today, Norwest is thrilled to announce that we are doubling down on our investment in Obsidian Security, a next-generation SaaS Security and Posture Management (SSPM) company. Obsidian helps security and IT operations teams bridge the security and compliance gaps created when lines of business adopt SaaS applications.

After leading the Series B-1 in June 2021, Norwest is excited to invest in Obsidian’s $90M Series C financing alongside our friends at Menlo Ventures, Greylock, Wing, IVP, and GV.


Exceptional Leadership Team with Deep Cybersecurity Expertise

It is rare to find the caliber of talent and domain expertise that the Obsidian team has assembled. We have known CEO Hasan Imam since his time at Shape Security when Norwest led their Series C. Hasan served as chief revenue and customer officer and helped lead the company to its $1B exit with F5 Networks.

When Hasan joined Obsidian and we met the founders, all of whom bring deep expertise in cybersecurity, we jumped on the opportunity to partner with them. Obsidian was founded by an all-star team:

  • Co-founder and CTO Ben Johnson founded and served as CTO of Carbon Black and helped build their first EDR product
  • Co-founder and CPO Glenn Chisholm was a founding employee and CTO of Cylance and the CISO of Telstra
  • Co-founder and Chief Scientist Matt Wolff was a founding employee and Chief Data Scientist of Cylance


Creating a New Category: SSPM

Here at Norwest, we love betting on new categories. As the first investors in category-defining companies such as Gong, we felt the same excitement after meeting the Obsidian team. As longtime security investors in companies such as Shape Security (now part of F5), Exabeam, and FireEye, we had repeatedly heard CISOs, CIOs, and other security and IT leaders emphasize the growing importance of SaaS security.

The adoption of SaaS applications and public cloud services has seen massive growth over the past decade, a trend that has only been accelerated with the advent of COVID-19. Migrating to the cloud comes with a host of new issues for security teams, however. They have less control over networks and infrastructure, and attackers are increasingly using credential stuffing, social engineering, spear phishing, and other evolving techniques against users and services. While cloud access security broker (CASB) solutions are primarily focused on prevention in the cloud, Obsidian addresses detection and response, a gap in the market.

Obsidian Security is building the first comprehensive threat and posture management solution for SaaS. Their platform consolidates data across core applications such as Salesforce, Workday, GitHub, Google Workspace, Microsoft 365, ServiceNow, and Zoom to help teams optimize configurations, reduce over-privilege, and mitigate account compromise and insider threats. Through deep integrations with data sources, Obsidian builds an activity graph to provide visibility into configuration management, how data is being accessed, and where data resides to detect anomalous behavior and identify threats.


Strong Customer Love

At the core of every product decision at Obsidian is to make their customers successful. During our diligence process, we spoke with CSOs, heads of information security, and other buyers who had deployed Obsidian in their enterprises. Across the board, we heard delighted customers explain how Obsidian delivered strong value within days, even hours, of being rolled out.

Leading companies such as Snowflake, Coinbase, and Sigma are leveraging Obsidian to gain consolidated visibility into their SaaS applications with high fidelity so they can mitigate threats.

We’re excited to partner with Hasan, Ben, Glenn, Matt, and the Obsidian Security team. If you’re looking for a SaaS security solution, check out