We’re on a mission to simplify API security and allow enterprises, developers, and DevSecOps teams to embrace modernization, complex deployments, and hybrid environments with confidence.
Corsha is a well-funded, cybersecurity company in the Washington, D.C. area with novel technology for API security. Our core technology is dual use, designed for widespread adoption, and easy to configure and deploy to both commercial and government customers. Corsha has a strong engineering team with deep expertise in distributed ledgers, cryptography, security principles, orchestration technologies, and software design.
Chris Simkins is the CEO and Co-Founder of Corsha. He is an entrepreneur, lawyer and consultant, with over 20 years of experience protecting data and technology. He co-founded and was CEO of Chain Security, a technology supply chain and product development security firm, until exiting to found Corsha.
Chris worked in the U.S. Department of Justice, first in the Counterespionage Section and then as a senior advisor to the Assistant Attorneys General for the National Security and Criminal Divisions. He managed national security programs and was DOJ’s representative on the Committee on Foreign Investment in the U.S. (CFIUS).
He has practiced law with two prominent DC law firms and in his own solo practice.
Anusha Iyer is the CTO and Co-Founder of Corsha. She is a technology leader with over 15 years of experience in security-minded software, analytics, and managed services. A Carnegie Mellon alum, she started in the Washington, DC area at the Naval Research Lab. At NRL, her focus was on reverse engineering and tactical edge networking.
Most recently, she was the Director of Software Programs at Galois, Inc., managing DARPA contracts in the areas of privacy, cyber-mission planning, and software diversity.
At Corsha, Anusha is passionate about making security accessible, easy to adopt, even self-assuring.
Our Approach to Security
When we started Corsha, we wanted to write down the core security principles that would guide the company and products. These principles were borne out of decades of experience in cybersecurity and data protection. By knowing our guiding principles, we hope our customers will better understand the value of our Platform:
- Distributed: Single, centralized repositories are natural vulnerability points in an enterprise. Our Platform is distributed, raising the bar on attack sophistication.
- Dynamic: Static credentials, even complex keys, can be used by anyone who has them. Moving targets are harder to hit. Our Platform requires a unique, one-time use, dynamic security credential for every API call.
- Private: Repositories of private information are ripe targets for attack. Our Platform does not store or rely on customers’ private data. We do not need to analyze or collect data traffic signatures, machine ‘fingerprints,’ or environment details to work. Respecting this boundary reduces risk for both us and you.
- Effortless: Security only works when it is used – seems obvious, right? Yet we all know cybersecurity is often at odds with integration and usability. Seamless integration and flexibility have to be on par with security promises for our Platform to be adopted.
- Performant: Modern deployments demand a platform that is cloud-native, platform agnostic, and highly scalable. Our Platform has to match the speed and scale of cloud. Period.