Security doesn’t have to be complicated to be effective. This conversation reveals how practical controls, simplified processes, and continuous customer engagement are helping organizations achieve strong security without slowing down business.
At Black Hat USA 2025, Danny Jenkins, CEO of ThreatLocker, shares how his team is proving that effective cybersecurity doesn’t have to be overly complex. The conversation centers on a straightforward yet powerful principle: security should be simple enough to implement quickly and consistently, while still addressing the evolving needs of diverse organizations.
Jenkins emphasizes that the industry has moved beyond selling “magic” solutions that promise to find every threat. Instead, customers are demanding tangible results—tools that block threats by default, simplify approvals, and make exceptions easy to manage. ThreatLocker’s platform is built on this premise, enabling over 54,000 organizations worldwide to maintain a secure environment without slowing business operations.
A highlight from the event is ThreatLocker’s Defense Against Configurations (DAC) module. This feature performs 170 daily checks on every endpoint, aligning them with compliance frameworks like NIST and FedRAMP. It not only detects misconfigurations but also explains why they matter and how to fix them. Jenkins admits the tool even revealed gaps in ThreatLocker’s own environment—issues that were resolved in minutes—proving its practical value.
The discussion also touches on the company’s recent FedRAMP authorization process, a rigorous journey that validates both the product’s and the company’s security maturity. For federal agencies and contractors, this means faster compliance with CMMC and NIST requirements. For commercial clients, it’s an assurance that they’re working with a partner whose internal security practices meet some of the highest standards in the industry.
As ThreatLocker expands its integrations and modules, Jenkins stresses that simplicity remains the guiding principle. This is achieved through constant engagement with customers—at trade shows, in the field, and within the company’s own managed services operations. By actively using their own products at scale, the team identifies friction points and smooths them out before customers encounter them.
In short, the message from the booth at Black Hat is clear: effective security comes from strong fundamentals, simplified management, and a relentless focus on the user experience.
Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974
Note: This story contains promotional content.
Guest: Danny Jenkins, CEO of ThreatLocker | On LinkedIn | https://www.linkedin.com/in/dannyjenkinscyber/
Resources
Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker
Learn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25
Sean Martin: All right. Danny Jenkins, here we are, man. Again, we're in Las Vegas. Yes, it's a nice cool day out.
Danny Jenkins: Is it?
Sean Martin: I think so.
Danny Jenkins: You went outside, it was like 115 yesterday when I landed.
Sean Martin: It was triple digits for sure. We drove in yesterday and we stood outside for a few minutes for a video and I think only a matter of moments before I started sweating, it was very hot.
Danny Jenkins: Very hot. And I came from Orlando, so saying it's very hot coming from Orlando.
Sean Martin: We have some great weather in Orlando. And good team in Orlando as well. We had the pleasure of joining you for Zero Trust World. Incredible event. Hopefully people get to join you for your next one.
Danny Jenkins: Yes. I think we're hoping to join you as well. Yeah, we're looking forward to it. It's March next year, this time. Yeah. It's gonna be fun.
Sean Martin: So we're here in Vegas, obviously for Black Hat USA 2025. Your presence here continues to grow. You're able to find a way to cut through the noise, clearly zero trust is a big topic, continues to be, and organizations I feel are starting to really get a grasp on what that means for them operationally. What's kind of the vibe here now that you're here in Vegas and talking to folks?
Danny Jenkins: So I think zero trust. Not Zero trust. I think at the end of the day, people are looking for tangible solutions that actually work. We've gone past this stage where we can sell air and we can say, oh, this is the best thing that's gonna magically find all the bad things on your system. People are starting to realize that's not an option. And what ThreatLocker is focused on is really how do we tell people this is the right tools and this is the easiest way to do it. And that's really where we're winning. I mean, we've gone, five or six years, we've gone from zero to 54,000 companies that use our products worldwide. And the people are excited here. We have big organizations, medium organizations, small organizations coming up to the booth, amazed by the technology we've delivered to them, and amazed by the new stuff we've added as well.
Sean Martin: Yeah, yeah. And it wasn't directly solicited, but the feedback from customers at Zero Trust World was incredible. The ease of use of the solution, the way it actually enables them to conduct business safely. They don't have to worry about a bunch of stuff. And that leads me to the point of a talk you have here at Black Hat around simplifying security, and I think that just that topic itself is spot on. Because complexity drives exposure, drives chaos, which if you try to rein all that in, you're spending time reining it in as opposed to doing business. So tell me a little bit about the session that you're doing and then that concept in general.
Danny Jenkins: Really we're gonna give you essentially a list of these are the things that you, these are the things that you should be doing. It's not brain surgery. It's not complicated. It's just you go through the process. People think security is some magic. We're trying to outsmart the attackers. No, we're just putting basic controls in place, basic principles in place, and then you don't need to outsmart the attackers because they just can't get in. And that's really what we're gonna talk about is stop trying to overcomplicate it and just say, this is my system. This is how it needs to work, this is what I need to do. How many give you a list of things you should go home and do, go back to the office and do when you leave Vegas.
Sean Martin: And so we've talked to a number of members of the team and there's always the general here's how things look and work. And then there's always the exception. And I think that's where you and your team really shine in the solution is keeping it simple when managing the exception because there's always that one request that comes through, I need access to this, or we need to share this, or whatever. And to be able to do that simply is a gift.
Danny Jenkins: So when we started, I mean ThreatLocker is an entire platform now, but when we started, we realized that our first goal was to stop people allowing software by default. Because we knew malware is just software. So how do we just block this stuff by default? And we realized there's three problems that we've gotta solve. One is it's gotta be really easy to deploy. So we made it really easy to deploy. Now, what's easy for the customer required a lot of preparation work for us in that we put the efforts in on every, we've got information on, well, full information on 10,000 plus applications, partial information on 40,000 plus applications. What that means to a customer is we've done all that work, so you don't have to, we just say, you've got this app, this is what you need to know, and that's made it easy for the customer. So the deployment, the management is easy with tracking those updates. But then of course, when CEO's at the trade show and he wants to get his USB drive work in 10 minutes is too long, so we better work in 60 seconds. So that's where you can approve things, whether it's a USB drive, a piece of software. Whether it's stopping something, going out to the internet or a website. You can approve it in 60 seconds on your phone from your office. It doesn't matter. And we had these computers need to make some change today. It was done. Like we started making a change at 9:57 and all computers were changed by 10 o'clock and everybody walked in the door.
Sean Martin: I love it. And I can confirm we've had a few interviews with your team. We used some software to record. And it's blocked by default. And within a matter of moments, your team was able to connect with our platform. Do the recordings. Easy peasy. So talk to me about, so obviously a platform, multiple modules, organizations can turn them on, use them in different ways to achieve their own security posture in line with their desired business objectives. A new module you just launched, defense against configurations. So DAC, tell me a bit about what that is.
Danny Jenkins: Yeah, so, and this is actually a feature that we include across our platform in all modules. So if you've got anything, we include it. And what we realized is we've got 54,000 companies. Every time we see a successful breach it's because they literally didn't turn on the security or, and they forgot they were busy. IT people, security people get busy. So we, a few years ago, we set up account management teams. Their job is to email and harass people, but they can only email and harass someone that much time and say, you haven't configured this right? And they were trying to check lots of things. So then we realized we need to make this automated. And we started off with a ThreatLocker stuff. So we'll say we're gonna do all the checks of your ThreatLocker configuration and make sure it's right. And the second thing we realized, if we're gonna do the ThreatLocker stuff, why don't we expand it to all of the Windows settings that should be set by default, right? So we're doing 170 checks on your endpoint, every endpoint, every day, and automatically reporting of the ThreatLocker central database where you can go and see it, the results, right? We'll send you an email once a week saying where your problems are. Align every failure to a compliance framework. So as a CS Cyber security framework requires 171 requires this. So that's really what we did. And we said, let's expand it out like that. And now it's, you got, we got a beautiful product that very easily shows you what's wrong in your environment, shows you how important it is. It shows you why it's wrong and how you can fix it and what's cool. We ran this in our own environment and we found failures in our own environment, which is a little bit embarrassing, but within five minutes. Between the ThreatLocker products and the other small Windows changes our entire environment was secure.
Sean Martin: And very, I'd rather be embarrassed for misconfiguration or a lack of configuration than the alternative.
Danny Jenkins: Yeah. That's it. Yeah. And the future goal is to expand this out as well to third party systems like Office 365 or Microsoft 365.
Sean Martin: Yeah, I think there's a whole space there. I've seen some organizations struggle with a lot of the business applications, not just Office, but like SAP and a bunch of other things that they're doing. So many things in those environments. They also need the concept of only what's right for the moment, for the person, for the system. You talked a bit about small organizations, medium organizations, large enterprise, one whole set of the commercial space. But then there's a special set of organizations in the federal government that requires certain things to be done in order to engage with them. They have the same challenges, the commercial space, maybe in a, maybe even a heightened set of requirements. C3PAO audit, CMMC, FedRAMP, all this stuff. So talk to me a little bit about what you've done to reach those organizations, those departments, those institutions with your solution in a way that they can actually accept it.
Danny Jenkins: So well, and actually, so ThreatLocker has been providing services to the federal government for a long time. We've got parts of the US Navy as customers for a long time, but as requirements straighten up. They require FedRAMP. 3PAO audits and also anyone who's a defense contractor is now being put pressure on. This is a cloud service. Is it considered confidential data? Isn't it considered confidential data and the lines get really gray? Especially when it comes to security products. Because the more we can ingest, of course, the better our product can be. But also we don't wanna cross that line, ingest something that we shouldn't do. So we, what we did is in the low, over the last 18 months, we've been going through a full FedRAMP 3PAO audit. We completed that audit, got a clean audit, a few months ago. We now have a sponsor and filed for a raw report onto the FedRAMP marketplace. So we're now FedRAMP ready listed. We have a 3PAO. So if you're a federal agency or A-CMMC, you can use that 3PAO to certify the products, and we also will have a full sponsor within the next few months.
Sean Martin: So the value to you as an organization delivering security products and services to them is, I probably well understood, but what's the value for your solution in that environment? Maybe you can kind of touch on that.
Danny Jenkins: Well, it's huge because if you look at the requirements, so NIST 800-171 by three requires white listing explicitly. And even outside of those requirements, there's so many other areas of check file auditing is another one. Network locking the ability to lock down ports. All of these are requirements in NIST. ThreatLocker is one platform where you can really tick off nearly half your NIST requirements in one go. And with the defense against configuration, I'll actually check a lot of the Windows settings and it'll tell you, this doesn't meet FedRAMP. You haven't turned on FIPS, you haven't done this, which is another huge advantage for those customers.
Sean Martin: And then for. And correct me if I'm wrong, but I think it also looks at internal operations for ThreatLocker as well, right? How you build the products and how you manage the
Danny Jenkins: Oh, from a FedRAMP point of view. Yeah. Yeah. So it's, and we didn't have to make many changes into ThreatLocker because we've always been on the paranoid side of security, right? So everything we've always done has been a zero trust approach to begin with within our own environment. And the internal, the software development lifecycle has always met those requirements. We've been SOC 2 Type 2 for some time now, right? We go through, we follow NIST standards anyway, however, there were some changes we had to make. Mainly the changes that got restricted as a result of the FedRAMP implementations was they could not talk to some of the third party integrations we had, so some of the help desk systems that customers were using. It's like you can't send the data to it because that falls outside of the FedRAMP. Got it. I see. Okay. So that's really the biggest change we did. The nice thing is because we had so well prepared, our security was very, very ready. There was a couple of small things where the terms of encryption features on. On the way we store data, but outside of that, it was relatively small.
Sean Martin: Does it look at your development process as well? Absolutely. Yeah. It's like FIPS does for sure, right?
Danny Jenkins: Yeah, yeah. Absolutely. So, and essentially we already did all of those code. So there's a bunch of code review practices, US system requirements, despite my strange accent, actually a US citizen. So, and they go through all of those requirements in there. So we already had all of those in place. Some of it had to be a little bit cleaner, formalized. So that has to be a separate report to say this was done. Right? Right. So whenever we do a build now it's going to our regular instances and our FedRAMP instance last, and that extra check happens before it goes to the FedRAMP instance. But all of that was really well put in place to begin with. Because our security team is on the side of paranoid knots.
Sean Martin: Yeah. Yeah, absolutely. So I, years ago I worked for an organization that built for FIPS 140-2, and then it was intense. And I think what if you're not in the federal government, you might not recognize what FedRAMP means to achieve that. And so the reason I'm asking these questions is for the customers you have, the prospects you're speaking with that don't understand the value of FedRAMP or them, even though they're not requiring FedRAMP to engage with them. Just the whole. The maturity of your organization from a security perspective. How you operate, how you build, how you deliver maturity of the application in terms of security and privacy and how you can't get through that if you don't have those materials in place. And Exactly. So, and I think you wanna work with an, as a customer, you wanna work with an organization that gets that, right? Absolutely. Because it's the right thing to do. And there, and then also because they can demonstrate it through something like a FedRAMP that says, we, we know this is the right thing to do. We, we now can demonstrate that through FedRAMP
Danny Jenkins: And that's really it. Customers are much happier working once you've completed these audits and they feel more comfortable that you've got these processes in place. I will say one thing though, okay. Compliance and security are not the same thing. I know compliance often. And in some respects, we had to turn features off that made our environment less secure because of FedRAMP requirements. Interesting. We superseded them with alternative methods, but then they're net not necessarily aligned, but. You know, when you're going through that checklist, you're locking this down really, really tight. And I remember someone did a slide once at a trade show, and it was the best analogy I could see of the difference between compliance and security. There was a guy on a motorcycle naked with a helmet on and he said, this guy's compliant. So you've always gotta think about these things when you're building. We build security first, and then we make, and we build our products as security first. We build our infrastructure security first. We build our team security first, and then we add compliance, layer compliance on top of that. And that allows us to make sure we haven't missed anything and aligns up. Right. And if you've done your security right, you shouldn't have to add too much to the compliance. Right. If anything, you are adding a little bit more process, right?
Sean Martin: Yeah. That's perfect. Well, the huge effort, congratulations on that success and hopefully that brings you some new opportunities as well. What, as we have guests passing by, what's, let's wrap at this. What's coming next? What's on the horizon? I know you can't give away too much, but is there a trend? Is there a trend you see happening?
Danny Jenkins: Look, I see right. ThreatLocker has really developed into a very, very highly powered cybersecurity platform that focuses on zero trust principles first. So, our goal is to continue to expand that, to expand the platform, making it easier for people to gain zero trust in different areas in right. We did Microsoft integrations earlier on this year. Third party integrations, more of those helping customers throughout their entire ecosystem.
Sean Martin: How do you, I'll close with this. How do you continue to grow the platform, the modules, the capabilities that, that starts to get, I don't wanna say complex, but there's a lot going on there. How do you maintain simplicity as you grow that?
Danny Jenkins: I think you follow the same principle on everything you add and you check it and you question. And one of the things we do as a company, I'm here today, I'll see our chief product officer is in Brazil. At a Gartner event today. That's right. We love Rob. I will stand on this floor and I will meet with as many customers as possible. All of our product people meet with customers, and the reason we do that is not to hear how great our product is, which we do plenty, but also what is hard, this is what's be so long, and that's how you do it. If as long as. The people who are controlling the direction of the product are constantly engaged with the user of the product. You win. So many companies separate it. You stop the CEO stops coming out, the chief product officer stops coming out. It's really, really important. We understand the customer's complaints and we understand their problems and we understand how they use it. And if you do that, you always win. Yeah. We also the biggest user of every one of our products, so we have managed services around, both our EDR and MD with our MDR and our approvals and white lists with our, cyber hero approvals. Which means we have over a million endpoints that send their approvals to ThreatLocker to process. So if it was hard, we'd be outta business.
Sean Martin: That's right. So as you're describing all this, and I got to see you in the Ironman suit at Zero Trust World, and before we started recording, we talked about it being hot and uncomfortable, but you said it was actually more than uncomfortable. It actually would pinch you sometimes.
Danny Jenkins: Everywhere. The blisters all over my legs, everywhere. So you wanna soften those edges. You want to remove those points where pinching can occur. Yeah. And it sounds like your team pays attention to that and makes we, we do that all the time. Makes the product comfortable to wear.
Danny Jenkins: Yeah, we do it all the time. We make sure our devs are involved. We make sure our products team, if you look here today, we've got our tech product lead here at the booth. We've got our, development, one of our development managers here at the booth. And they're here. They're here to use the product. They're here to see customers questions. They're here to see everything. And we take that feedback back and we go away. And I think everyone in ThreatLocker almost sees it as shame. When we fail and we do fail, we make mistakes. We didn't think things through properly. You don't understand how a user is gonna interact with an application. But we, we get embarrassed by that, and we go back and we make it better. And as long as you continue to do that. But then your product is always gonna improve and be easier and faster.
Sean Martin: You know what I love about this is your time here is about engaging with the customer and making things better. And I don't hear that a lot on the rest of the show for it becomes No, I it becomes numbers and leads from marketing.
Danny Jenkins: I would almost guarantee that anyone on these front booths does not have their CEO, their product leads. At the booth, right? And that, and that's why we are gonna continue to grow at the rate we've been growing and continue to take over the market and secure people that weren't secured before.
Sean Martin: I love it. Love what you guys do. Thrilled to be partnering with you to help tell your story and, Danny appreciate it. Thank you. Thank you, Jim. Thanks everybody for listening and watching. And. Please connect with Danny and the team, and we've had a number of conversations with team members and so we encourage you to listen to those and hear about the different modules and different capabilities. And, stay tuned for all of our coverage here from Black Hat itspmagazine.com/bhusa25. See all the next one. Thanks again, Danny. Thank you.