Above Security raises $50M to redefine insider risk in the age of AI agents
Read more
Tricia Howard
Mar 23, 2026
Tricia Howard
Mar 23, 2026
My name is Tricia Howard and I'm the Head of Marketing at Above Security. If you're reading this, thank you for your time, and welcome. We could not be happier to finally be pulling back the curtain on what we've been building, and thank you for being a part of our journey.
I started my career on the stage and fell into the wonderful world of cybersecurity entirely by accident. My B.A. in theatre is something I cherish deeply and bring into my work as much as I possibly can. As an actor, psychology and human understanding aren't just nice-to-haves — they're critical to your craft. If you can't understand humans, you can't believably portray one onstage. I never would have guessed cybersecurity would have those same parallels, but boy howdy, it sure does.
So, funny story: I originally wanted to launch in the summertime. Now, while I'm out here cosplaying as a Californian this week, back home in New England, March is anything but beach weather.
Reality had other plans. When Aviv came to me and said, "We got more funding — we need to launch earlier," I shoved down the ✨panic✨ and got to work. The more I thought about it, the more it made sense. It wasn't just that we'd raised $50M out of the gate, (a milestone that still kind of makes my jaw drop tbh) it was that the longer I waited to launch, the longer the security community suffered without a solution that actually works.
That may sound dramatic. But in my 10 years in this industry (a decade already? 🫠), I've seen quite a few attempts at fixing insider risk, and none of them have done what they claimed. Not even close.
In my sales days, I remember being genuinely thrilled when vendors started calling UEBA "SIEM 2.0" — the idea that we'd finally look at identity and activity at a human level, not just at a technological process level? *swoons* 🥹
Then I remember being bitterly disappointed. Deal after deal, I lost seven-figure opportunities to data classification workshops at a fraction of the size — because the "solutions" just couldn't hack it. Organizations didn't have a handle on their data: where it was going, why it was moving, or what it meant. The problem was never just "securing data in motion" or preventing business email compromise. It was about understanding humans at a fundamental level and building processes around that, rather than starting with tech and working backwards.
I've talked to customers who spent four or five years on SIEM, DLP, and UEBA implementations and still couldn't tune them with any real success. The same problems they had on day one were still true years later: false positive rates through the roof, the alerts that actually mattered buried in noise, and already-overworked security teams just as tired and frustrated as when these tools first came on the scene — if not more so, because they were promised relief that never materialized.
That's the problem we're here to solve.
I spent my previous four years at Akamai focused entirely on security research: malware analysis, making complex things accessible, the works. It was, honestly, a pretty cushy gig, and it was lots of fun working with incredibly smart and talented researchers.
So when a recruiter reached out and introduced me to Aviv and Amir, I figured it was good practice. I believe in interviewing even when you're happy where you are; at minimum, it confirms that you're exactly where you need to be.
Startups usually pay in hope, and last I checked, mortgage servicers haven't started accepting hope as currency just yet. But…(there’s always a but) I got off that first call with Aviv and said to myself: "Well dang, I actually have to consider this."
Not only were they paying in real dollars, yay (see previous email about funding 👀) this was a chance to be the foundational marketing member of the team. And the product itself seemed to be a marketer's dream, almost too good to be true. A few weeks later, they took a chance on the newbie, and it has been a whirlwind ever since. First launch of this nature, check. We made it! *exhales deeply*
Have you ever built an entire brand or a full marketing motion from scratch? I hadn't. Ayecheewawa, is there a lot that goes into it. Way more than I imagined.
Branding isn't just choosing colors and fonts. Marketing ops is more than email workflows and lead capture. Swag doesn't just magically appear. (If you work in field marketing and are reading this: I see you, especially RSAC week. #HugOps.) Building a full marketing playbook is a trifecta of strategy, art, and science. Not to be taken lightly. Every word choice, every pixel, every unhinged 2 a.m. Claude conversation leads up to this moment.
Here's what theatre taught me that I brought into building this brand: the best performances are rooted in something true to the person giving them. I put Easter eggs throughout the brand that are pieces of me and the other members of the founding Above team — and that will only grow over time. I'll point out a couple so you can keep your eyes peeled. 👀
It's entirely possible the reason I couldn't get chess out of my head when I first learned about Above is because it's my partner's favorite game. (Psst… Easter egg #1 😏) He has talked more smack over a chessboard than any other game, virtual or physical. I used to think chess was "lame" — you're just moving pieces around on a board, right? How could that possibly generate more trash talk than an R6 match?
Turns out, chess is a war strategy game. Who knew? 😅
You're literally trying to capture the opponent's King — which, in the real world, means you own that country now. That's where the intensity comes from. The stakes within the game are astronomically higher than even the fiercest FPS, because you're not trying to win a battle. You're winning the whole war.
For an industry that loves military references, I found it a little odd that chess wasn't more prevalent in cybersecurity marketing. You see it in finance or legal, but not in the industry that literally uses the word "peacetime" to describe a quiet SOC? That seemed like a missed opportunity to me. Chess is associated with intelligence, strategy, and thinking several moves ahead, which is exactly what we're asking security teams to do every single day.
That was it. Chess was stuck in my craw, forevermore. And the more I learned about Above, the closer the parallel became. And that was it — chess was stuck in my craw. The more I learned about Above, the closer the parallel became. It hasn't changed in centuries. We just finally started playing it right.
Chess traces back to 6th century India, though the game as we know it today was largely shaped in 15th century Europe. Fun fact: the Queen was not only one of the weakest pieces in the original game, she wasn't even a "she" until the chess glow-up of 1475. The original character was the King's "advisor" — male, limited to moving one square diagonally. Historians debate the reason for the change, but it's widely accepted that the shift was a direct result of the powerful women rulers of that era.
From one square diagonally to ruling the entire board. Sound familiar?
(Hi, it's me. Queen of House Cyberly, reporting for duty. 👑)
From the dawn of the internet, insider threat has been the Big Boss Bowser™ that nobody could crack. Give employees too many obstacles and they can't do their jobs, so they find workarounds. Give them too few guardrails and you're exposed. It's a human problem wrapped in a technology problem, and we keep trying to solve it with technology alone.
In my mind, that's the equivalent of keeping the advisor piece on the board instead of upgrading to the Queen. We keep setting aside the communication, psychology, and genuinely human part of human risk to make room for the next shiny tool — which addresses a cool edge case or two but still leaves the same fundamental problems untouched. The oldest problems have a funny way of becoming the newest ones. Insider threat didn't change, AI just gave it infinite lives. Above was built for tomorrow's threats, not yesterday's.
What we've built in such a short time is nothing short of legendary — which is part of why our mascot is a Griffin named Rook.
Oh, and those eyes? Heterochromia, courtesy of my Pomsky, Darth. Easter egg #3. 🐾
Griffins are legendary creatures (#NerdAlert), and I think what we're doing here genuinely is legendary. Griffins are protective and are symbols of wisdom across the many mythologies that reference them. If I had to choose between a griffin and a padlock to guard something important, I'm going with the half-bird-of-prey, half-lion every single time.
They carry a quiet confidence — they know they're formidable, you know they're formidable, and no one needs to announce it. They're here to guide, not shame.
That's exactly who Above is.
Ten years into this industry and I finally feel like I'm working on something that matches the size of the problem. The problem is real, the people solving it are real, and the solution — for once — is too. This is post one of many, and I genuinely cannot wait to share what I've learned, and continue to learn, with everyone who will read and listen. Lights up, y'all. 🎭
Above Security is an AI-native managed insider threat platform built to make insider risk proactive and operational through behavioral intelligence. Powered by a fleet of highly specialized AI investigators, Above analyzes the behavior of both humans and their AI counterparts to surface real risk — without rules, policies, or configuration. Above prevents and responds to insider risk with both in-the-moment coaching to stop risky behavior in real time and automatically produced evidentiary timelines that security, legal, and HR can actually use when a real incident occurs.
