We built Native Security because we kept getting called in after the breach.
Cloud controls that are defined but never enforced are worse than no controls. They create false confidence. Native Security closes the enforcement gap.
How Native Security started
Amit Megiddo spent a decade in cloud security for multi-cloud enterprise teams — largely in the defense and government IT corridor around Reston, VA. The pattern he kept seeing: every large organization had a security policy framework carefully documented. AWS SCPs written. Azure Policy definitions configured. GCP Org Constraints listed in the compliance inventory.
But the controls drifted. Or were never wired into the deploy pipeline. Or covered 80% of accounts but not the ones being actively used. The incident reports always showed the same root cause: the control was defined but not consistently enforced.
Native Security was founded in 2024 in Reston, VA — intentionally near the government and enterprise buyers who have the highest concentration of this exact problem — to close that gap without adding yet another agent layer.
The team
Three people who have each been in the room where the breach gets explained — and decided to build the thing that prevents the next one.
Amit Megiddo
Cloud security practitioner with 10 years building and breaking controls in multi-cloud environments. Previously led security engineering at a government technology contractor in Northern Virginia, where the typical engagement started with a breach and ended with a policy document no one enforced.
Maya Soren
ML systems engineer who spent four years building policy evaluation pipelines at a cloud infrastructure company — the work that eventually became Native Security's AI control-mapping engine. Focused on making the gap analysis fast enough to run at every deploy, not once a quarter.
Daniel Ferreira
Cloud infrastructure specialist who spent six years architecting guardrail systems for a financial services firm — first in AWS, then cross-cloud when the firm expanded to Azure. Learned firsthand that every OU boundary someone adds becomes a place where SCP inheritance can break silently.
What we believe
Practitioner-first
We build for the engineer who has to explain the breach, not the CISO who approved the policy document. Features are designed around real workflow, not compliance checkbox lists.
Enforcement over documentation
A control that exists in a policy document but never fires is security theater. We measure success by whether the guardrail blocked the thing it was supposed to block.
Native, not added
We use what your cloud provider already built. No agents. No proprietary sensors. The controls are AWS SCPs, Azure Policies, GCP Org Constraints — Native Security maps and enforces what's already there.
Find us in Reston
1875 Explorer Street, Reston, VA 20190 — [email protected] — +1 (571) 203-8462