Push Security Welcomes Veteran Cybersecurity Leader and SANS Instructor Mark Orlando as Field CTO

Orlando brings two decades of security operations experience to advance Push’s mission of closing the browser blind spot for defenders

BOSTON — Sept. 9, 2025 — Push Security, a leader in browser-based detection and response, today announced the appointment of Mark Orlando as field chief technology officer (CTO). A lifelong defender, educator, and innovator in security operations, Orlando joins Push to help advance its mission to bring research-led detection and response to the browser — the new frontier for attackers.

With more than 20 years of experience building and leading security operations at the Pentagon, the White House, the Department of Energy, and Fortune 500 enterprises, Orlando will help guide Push Security’s strategy as it redefines how organizations bring active security to the browser.

“Everywhere I’ve worked, from government to the private sector, I’ve seen the same challenge: defenders trying to protect users where they actually work,” said Orlando. “Today, that’s the browser. It’s where attackers are targeting, and where security teams need to be. Push Security is one of the first companies I’ve seen that gets this right, and that’s why I’m here.”

In his new role, Orlando will serve as a bridge between practitioners and Push’s research-driven product innovation, ensuring that Push’s platform addresses the realities of today’s enterprise environment.

“Mark embodies the defender’s mindset—he’s built teams from the ground up, taught thousands of students as a SANS instructor, and led security at the highest levels,” said Adam Bateman, CEO of Push Security. “His perspective and credibility will help us scale Push’s impact and ensure defenders can meet attackers where they are—inside the browser.”

Orlando began his career as a SOC analyst and has since built and led security teams at some of the most sensitive and high-profile organizations in the world. Before joining Push, he co-founded Bionic Cyber, where he advised enterprises on building and scaling cyber defense capabilities. He also previously served as CTO of Raytheon Cyber where he defined technical strategy for consulting services, managed services, and strategic accounts worldwide. 

Orlando is currently a SANS Certified Instructor and co-author of LDR551: Building and Leading Security Operations Centers, and instructor for SEC450: SOC Analyst Training - Applied Skills for Cyber Defense Operations, and he served in the U.S. Marine Corps as an Artillery Non-Commissioned Officer. His expertise has been featured at RSA, Black Hat, DefCon, and in leading publications including The New York Times, The Washington Post, and Bloomberg. He actively shares his thoughts on the current state of cybersecurity news on his Cybersecurity Leadership Weekly substack: https://markaorlando.substack.com/. 

About Push Security

Push Security brings real-time detection and response to the layer where users work — and where attackers operate, the browser. By deploying a powerful agent inside the browser, Push gives defenders full visibility into user activity, attacker behavior, and session-level risk. It detects threats like phishing kits and session hijacking, enforces protective controls like MFA and SSO, and provides the telemetry security teams need to investigate fast. Think of Push as being like EDR, but in the browser. Push was founded by former red team members skilled in offensive security and security operations and is backed by Decibel, GV (Google Ventures), Redpoint Ventures, Datadog Ventures, B3 Capital and other notable angel investors. For more information, visit https://pushsecurity.com or follow @pushsecurity.Enter some text...