Cris Neckar

Cris Neckar is a Partner at Two Bear Capital, investing in cybersecurity and the intersection of technology and life sciences. With a strong background in the information security industry, Cris spends his time tackling complex challenges related to data sovereignty, sharing, and security. Previously, Cris served as the Chief Information Security Officer for Spring Labs, a pioneering technology company known for its decentralized tokenization platform. His strategic leadership played a vital role in utilizing technology to address previously insurmountable data security issues. As the co-founder of Divergent Security, a top-tier offensive cybersecurity assessment firm, Cris was at the forefront of continual security assessment practices. By continuously identifying and addressing vulnerabilities, Divergent Security ensured robust cybersecurity for its clients. Notably, while at Divergent, Cris played a crucial role in the initial discovery and analysis of NSO Group's Pegasus spyware. Cris was one of the original members of Google's Chrome Security Team, where he contributed to advancements in the hardening of web browsers, attack mitigation technologies, automated and crowd-sourced vulnerability identification, and the discovery of malicious actions and campaigns. This work laid the foundation for Google’s Project Zero and Open Source Software Security Teams which continue to expose the actions of nation states and organized crime syndicates, bolstering online security. Cris began his career at Neohapsis (now Cisco Systems), where he served as a Senior Security Consultant and the Application Security Practice Lead. Managing a range of security services, he earned a reputation as a trusted expert and researcher. Notably, Cris led the team responsible for reverse engineering the malware and payloads associated with the breach of Heartland Payment Systems. Beyond his professional accomplishments, Cris commonly speaks at prestigious technical conferences, sharing his insights in the cybersecurity field. His research is highly regarded and frequently cited across the industry. Additionally, he has contributed as a longstanding curriculum advisory board member and adjunct professor for DePaul University's cybersecurity graduate school program, developing and teaching innovative courses on software security assessment and exploit development.