Jason Mar-Tang

Senior Sales Engineer at Obsidian Security

Jason Mar-Tang, known professionally as Jay Mar-Tang, embodies the American Dream as a second-generation Chinese-Italian-American raised in New York City and now thriving in Signal Hill, California. Son of a Chinese-Trinidadian immigrant and second-generation Italian-American, Jason started his IT career at age 17 as an intern at Thacher Proffitt & Wood LLP, crossing Ground Zero daily. After earning a B.S. in Computer Engineering from Hofstra University, he worked at MetLife before joining RSA's Global Services Associate Program in 2010, diving into cybersecurity. At RSA (EMC's security division), he engineered solutions like MFA, DLP, SIEM, NetWitness full packet capture, and ECAT for endpoint compromise assessment across Philadelphia, New York, and Long Beach. In 2017, he shifted to CyberArk for privileged identity security, addressing identity compromise in incidents. Seeking proactive validation, he joined Pentera in 2020 as Senior Sales Engineer, rising to Director of Sales Engineering for the Americas (2022-2023), leading teams in North and Latin America, then AVP Field CISO (2024-2025), evangelizing automated security validation and attacker mindset. He co-founded SURGE in July 2025, serving as Co-Founder & CEO, pioneering Autonomous Forensic Assurance (AFA) for continuous verification in forensic workflows. Since March 2026, Jason is Senior Sales Engineer at [Obsidian Security](https://www.obsidiansecurity.com/), a Newport Beach-based SaaS/AI security firm (51-200 employees, founded 2017), helping enterprises secure SaaS/identity environments via technical discovery, demos, and bridging tech/business gaps. Holding CISSP (2014), CCSP (2023), Security+, and AWS Solutions Architect Associate, with 15+ years in sales engineering, Jason champions continuous testing, attacker perspectives, and context-aware risk prioritization over theoretical vulnerabilities. Passionate about health, fitness, bodybuilding (8 years), nutrition, men's health, leadership, and cultural experiences from NYC to Asian/Italian-American heritage, he turns complexity into outcomes.

Key Insights from Jason Mar-Tang

Think like the attacker to prioritize risk effectively.

— Jason Mar-Tang on Attacker Mindset

Continuous security validation is like martial arts training—pressure test to identify weaknesses.

— Jason Mar-Tang on Security Validation

Context is everything: theory vs. actual risk depends on compensating controls and business impact.

— Jason Mar-Tang on Risk Prioritization

Identity is the new perimeter; initial access brokers target it first.

— Jason Mar-Tang on Identity Security

Notable Quotes from Jason Mar-Tang

I’m at my best when bridging the gap between technical teams, business stakeholders, and executive decision-makers.

— Jason Mar-Tang

We have to put the attacker mindset first especially now because we see the decentralization of cyber crime.

— Jason Mar-Tang

Frequently Asked Questions about Jason Mar-Tang

How can organizations adopt an attacker's mindset in cybersecurity?

Adopting the attacker's mindset involves viewing your environment through their lens: identify entry points, lateral movement paths, and objectives. Tools like Pentera allow 'hacking yourself' continuously to validate defenses like MFA, SIEM, EDR. Differentiate theoretical risks (e.g., unexploitable CVSS 9.5) from actual ones by considering context—compensating controls, asset criticality, business impact (e.g., $3M/day revenue loss). Shift from annual pentests to automated, on-demand testing across on-prem, cloud, hybrid. This reduces dwell time, aligns security with business ops, and fosters purple teaming. [LinkedIn](https://www.linkedin.com/in/jaymartang), [CyberHub Podcast](https://www.youtube.com/watch?v=cvsDqejctSI).

What is the role of sales engineers in cybersecurity?

Sales engineers (SEs) are trusted advisors bridging products and customer pains, like startup founders engineering solutions. They demo, align tech to needs, advise on architectures (e.g., SaaS security at Obsidian), and evangelize (e.g., Field CISO at Pentera). Success demands technical depth (CISSP, CCSP), soft skills (listening, adaptability), and teamwork with sales/product. SEs prioritize via attacker mindset, quantify ROI (e.g., breach reduction), and evolve into leadership. Jason's 13+ years exemplify this: RSA to Obsidian. [CTO Show](https://www.youtube.com/watch?v=LnTaVMCUl1g).

Why continuous testing over manual pentests?

Manual pentests offer snapshots but miss dynamic changes (new identities, infra). Continuous automated validation (e.g., Pentera) tests 24/7 across vectors, measuring control efficacy (firewalls, EDR). Like backups, verify restoration; for security, confirm mitigations stop exploits. Covers internal/external/cloud, baselines global risk. Reduces false security, enables proactive remediation. Jason: 'Don't assume—validate.' Ideal for enterprises with evolving attack surfaces. [SANS Profile](https://www.sans.org/profiles/jay-mar-tang).

How has the cyber kill chain evolved?

Lockheed's kill chain (recon, weaponize, deliver, exploit, install, command/control, actions) remains foundational, but decentralized cybercrime fragments steps: initial access brokers sell identities, others execute. Objectives vary (ransomware, data theft). Mitigate early, but validate end-to-end. Jason stresses updating mindset for 2024+: identity focus, continuous exposure assessment. [CyberHub Podcast](https://www.youtube.com/watch?v=cvsDqejctSI).

Jason Mar-Tang — Areas of Expertise

  • Cybersecurity Sales Engineering
  • Automated Security Validation
  • SaaS & Identity Security
  • Attacker Mindset & Kill Chain
  • Risk Prioritization
  • Fitness & Nutrition
  • Guest

Jason Mar-Tang — Show Appearances

  • Mornings in the Lab (2023-10-26)

Jason Mar-Tang — Signal Brief

Signal Score: 6/100

Generated 2026-04-16T01:26:12.773Z