ZEDEDA is proud to announce that John Donovan has joined the company as its new Head of Security, IT, and Compliance—a move that underscores the company’s unwavering commitment to security and customer trust. John’s arrival comes at a pivotal time as ZEDEDA continues to expand its global reach and deepen its leadership in secure edge orchestration.
A Proven Leader in Security and Community
John Donovan brings an impressive track record in security, compliance, and IT leadership, with deep roots in Silicon Valley and a global perspective shaped by roles at organizations such as InstaSecure, Malwarebytes, Illumio, Veracode, NetApp, and Xilinx. He is a recognized figure in the cybersecurity community, serving as past president and director-at-large for the Silicon Valley chapter of ISSA and earning the prestigious ISSA Distinguished Fellow award at Black Hat 2023. John is also a founding member of ISLF and SVCI, and a longtime contributor to DEFCON’s Wall of Sheep and Packet Hacking Village.
Beyond his professional credentials, John is known for his passion for community building and developing the next generation of cybersecurity leaders. He is a frequent speaker at major industry events such as RSA Conference, DEFCON, BSides, and Planet CyberSec, and co-hosts the Candid CISO podcast.
Why ZEDEDA? John’s Perspective
John’s decision to join ZEDEDA was driven by the company’s unique position at the intersection of edge computing and security. “I’ve done lots of stuff with cloud security, endpoint, and data center companies, but helping our customers manage the edge—whether it’s securely updating applications that run factories, power plants, or new applications in retail, oil and gas, or clean energy—is fascinating to me,” John explains.
He was also drawn by ZEDEDA’s diverse customer base and its global footprint, which bring both opportunities and complex security challenges as the company grows across Europe, India, and the Middle East.
ZEDEDA’s Security DNA: Raising the Bar for the Edge
Security has been foundational to ZEDEDA since day one. The company’s Zero Trust security model is designed to address the unique, perimeter-less challenges of edge infrastructure, where devices often operate outside controlled data centers and are exposed to physical and cyber threats. ZEDEDA’s approach is comprehensive, covering everything from secure development practices and proactive vulnerability management to rigorous internal data management.
ZEDEDA’s commitment is validated by industry-leading certifications. The company recently renewed its ISO/IEC 27001:2022 certification—an internationally recognized standard for information security—and maintains a SOC 2 Type II Attestation, demonstrating robust controls over the security, availability, and confidentiality of its cloud-based orchestration solution. These certifications are not just milestones but part of an ongoing process of continuous improvement, with regular audits and updates to ensure ZEDEDA stays ahead of evolving threats.
Secure by Design: The CISA Pledge and Customer Assurance
In 2023, under the leadership of co-founder and CTO Erik Nordmark, ZEDEDA became the first edge-focused vendor to sign the CISA Secure by Design pledge, a public commitment to integrating security at every stage of product development and deployment. This milestone builds on the strong foundation of EVE-OS, the open-source operating system at the core of the ZEDEDA platform. Developed by ZEDEDA in collaboration with LF Edge’s Project Eve, EVE-OS is a lightweight operating system for the distributed edge. It addresses security challenges through features such as immutable read-only images, hardware and software watchdogs, disabled physical ports, no user logins, and mutual trust and distributed firewall, as well as advanced protections like measured boot and remote attestation using Trusted Platform Module (TPM) chips and firmware, ensuring that even stolen devices cannot be easily compromised.
John is enthusiastic about the company’s progress since signing the pledge and the launch of ZEDEDA’s internal “Secure by Design” program, which ensures that security principles are embedded across teams and processes. “Since signing the CISA Secure by Design pledge last year, we’ve made significant strides in embedding security principles across our organization. We launched our internal Secure by Design program, which has driven improvements not just in our development processes, but in how we communicate and deliver security assurance to our customers. For example, we’ve enhanced our vulnerability management, strengthened our authentication options, and made it even easier for customers to understand and leverage our security controls. This ongoing work is about giving our customers confidence that security is built into everything we do—from product design to deployment and beyond,” John shares.
Transparency is central to ZEDEDA’s approach. The company is committed to open communication with customers about its security practices, empowering them to make informed decisions about their edge computing strategies. As John puts it, “Being transparent is essential, especially when it comes to communicating with customers about vulnerabilities—whether they’re in our own code or within our supply chain. It’s important to ensure customers have the necessary updates and are fully informed before anything is disclosed publicly. Continuously improving in this area is a priority, and it’s becoming a core part of ZEDEDA’s culture as we grow.”
Why Security Matters: Customer Trust and Business Value
For ZEDEDA, security is not just a technical requirement but a business imperative. Customers rely on ZEDEDA to manage critical operations and sensitive data at the edge, often in environments with little or no on-site IT staff. “Our customers want to make sure that we have good practices in place because they’re designing ZEDEDA’s cloud services and solutions into their own products. It’s critical to how they’re going to operate and make sure that their customers are safe and secure,” John emphasizes.
ZEDEDA’s certifications and alignment with frameworks like HIPAA further support customers in regulated industries, providing assurance that their compliance needs are met. The company’s Zero Trust model and continuous improvement processes help customers focus on innovation and growth, confident that their infrastructure is protected by industry-leading security measures.
Learn more about ZEDEDA’s security architecture in this white paper.
Looking Ahead: Security, AI, and the Edge
John is keenly aware of the evolving landscape, particularly the intersection of edge computing, AI, and security. “Complexity is often the enemy of security, as attackers exploit environments where small misconfigurations or overlooked details can create vulnerabilities. ZEDEDA has gone to market with ways of helping our customers have better assurance about running these types of applications, whether they are AI, machine vision, or others, at the edge,” he says.
ZEDEDA is leveraging AI to enhance its own defenses and support customers, while also preparing for the new threats that AI-driven attackers may bring.
A Community-Driven Approach
John’s leadership style is rooted in collaboration—both within ZEDEDA and across the broader security community. He remains an active participant in industry events, including BSides SF (April 26 – 27), the RSA Conference in San Francisco (April 28 – May 1), and conferences like DEFCON that focus on industry-specific security challenges. “The defenders all have to be in this together,” John notes, highlighting the importance of shared learning and collective action in facing today’s security threats.
With John Donovan leading Security, IT, and Compliance, ZEDEDA is doubling down on its commitment to secure, transparent, and innovative edge solutions—ensuring that customers can harness the full potential of the edge with confidence.