
Socket’s first CISO brings deep experience securing high-growth SaaS companies as open source supply chain threats accelerate.

June 11, 2026

AI now writes as much as 90% of code at top engineering organizations, and the developers downstream of that code pull in open source they've never reviewed. Package hijackings and maintainer compromises that were once a handful of incidents a year now happen weekly. Modern engineering organizations depend on open source to ship faster, and they need security partners who can keep pace with that shift.
Today, we're welcoming Andrew Becherer as Socket's first Chief Information Security Officer.
Socket now protects more than 27,000 organizations, including enterprises that depend on us to secure the software supply chain behind their most important products. Security has always been central to how Socket builds, shaped by a team with deep experience maintaining critical open source infrastructure. At our current scale, that work needs dedicated executive leadership across security, compliance, and risk.
Andrew joins us after building security programs at some of the most consequential SaaS companies of the last decade. He began his security career at iSEC Partners, working with hyperscalers on infrastructure security. He went on to serve as CISO at Datadog during its hypergrowth years, then served as CISO at Iterable. Most recently he was CISO at Sublime Security. Between Iterable and Sublime he founded Staris AI, where he worked on the security and trust questions that come with building production AI systems. Andrew brings experience leading security at companies that move quickly, serve demanding customers, and operate in environments where trust is part of the product.
"Hiring our first CISO was always going to be one of the highest-stakes decisions we make," Socket CEO Feross Aboukhadijeh said. "Andrew has built and run security at every scale, and he understands the supply chain problem from both sides. He's a defender who's lived through it, and a builder who knows what tools actually help. He's the right person to own how Socket protects itself and how Socket shows up for the security teams we serve."
Andrew will help guide how Socket builds security into the company, the product, and our work with the broader community of defenders.
"I joined Socket because the supply chain is where the fight is right now, and Socket is doing some of the hardest, most important work in this space," Andrew said. "Every CISO I talk to is trying to figure out how to give their developers the open source ecosystem and the AI tooling they need without inheriting somebody else's malicious package. That’s the problem Socket exists to solve, and the team here has been ahead of it from the beginning, before the risk became painfully obvious to the rest of the industry."
This is a big moment for Socket. Andrew’s experience will help us strengthen the security program behind the products we build, the infrastructure we operate, and the open source ecosystem we’re here to protect.
We’re hiring across engineering, product, design, security, and go-to-market. Come build with us.