We sat down with Upfort co-founder and CTO Han Wang to chat about his unique career journey which took him from UC Berkeley to the US Army where he was one of the first members of the US Army Cyber Corps helping to implement and secure networks in active theaters of war. 

In addition, we discussed his time working on advanced atomic projects at the Lawrence Livermore National Laboratory and DARPA’s Project Sigma. Han details how these experiences influenced the founding of Upfort and his continuing work building powerful, yet accessible, AI-powered cyber defenses for the SMB market.

What inspired you to pursue a tech-focused career?

I’ve always been fascinated with building things and discovering patterns. In high school, I saved up enough money as a tutor to buy my first used car, a 20-year-old Mazda MX-6. I spent endless hours fixing and improving it. That experience really sparked something and I knew I wanted to have a career in engineering in some capacity. 

Then during my time as an undergrad at UC Berkeley, I took my first computer science class where I realized that computers can model the real world and predict events before they happen, which I thought was fascinating.

What led you to join the Army? 

Military service seemed like a positive way to make an impact and experience different parts of the world while paying for college. ROTC gave me purpose and independence in a lot of ways. My time in the Army gave me everything I have, from skills to opportunities. 

Military service seemed like a positive way to make an impact and experience different parts of the world while paying for college. ROTC gave me purpose and independence in a lot of ways. My time in the Army gave me everything I have, from skills to opportunities. 

Tell us about your role and work at the Lawrence Livermore National Laboratory (LLNL).

There was a program to recruit ROTC cadets into LLNL. There, I helped create physics simulations that modeled how atomic particles interacted with physical objects. Working on these simulations showed me that extremely complex systems can become quite simple once they’re broken down into their constituent parts and even nuclear fusion can be solved one step at a time.

And that’s what led to your role at DARPA?

Yes. My former supervisor and mentor at LLNL moved from the Department of Energy to the Department of Defense and recruited me to work on DARPA's Project Sigma, which developed the capability to trace radioactive materials through our major cities and ports.

The project used networked radiation sensors placed throughout major cities and then fed into the cloud for post-analysis and map generation. Due to the huge amount of data and compute required, Project Sigma was one of the first uses of AWS GovCloud inside DARPA. I helped create and oversee the security of the compute infrastructure.

You then did some work with the U.S. Army Cyber Corps. What can you tell us about your role and the types of projects you worked on?

I was actually one of the first members of the Army’s Cyber Corps. My team began performing cyber defense missions in theater when cyber missions still fell under the purview of the Signal Corps. We were tasked with securing and improving the network defense of strategic bases within CentCom. My team traveled across Iraq, Kuwait, Jordan, Bahrain, UAE, and Qatar to physically plug into the local server stacks and analyze them for vulnerabilities or compromise.

Did anything from your military experience inspire your work with Upfort?

It was shocking to see how it required a battalion of personnel to perform simple tasks such as vulnerability management, asset management, or URL/IP whitelists. It made me realize the value of consolidated security—particularly in the private sector. 

If one security vendor was deeply integrated with all of these functions, they could deliver enterprise-grade security capabilities in a way that was easy for a non-technical small business owner to implement and at prices any organization could afford. That idea turned into the company that became Upfort.

Upfort had its start in Y Combinator. How did that come about? 

Very serendipitously—just a pitch and an idea. We hadn’t even started the codebase yet. It was obvious that there was a need for SMB cyber security. The original idea was to package with insurance. We were there at the crest of the InsurTech wave. 

How was your experience there?

It was a firehose of information and thought patterns for a space that was completely foreign to me. For someone like myself who was only four months out from deployment when starting at YC, it was a big adjustment. It was challenging, but I still look at that time with fondness as it gave me many of the tools I needed to shepherd Upfort through these years.

Has your military experience helped in your role as CTO?

Definitely. It helped me with managing a team and delegating responsibilities. Typically, engineering managers come from individual contributor roles and don’t have management experience prior to running their first team. I was able to bring over many Army small-team management systems to Upfort, which proved invaluable while we were scaling up our remote-first engineering team.

‍

What are some projects you’re currently working on for Upfort?

We’re implementing AI across the board in all our solutions. We’ve just launched our LLM-powered Inbox Defender that understands English just as well as a human does to surface potential social engineering attacks in real time. 

We’re in beta with our XDR software which has an AI-based pattern recognition engine that recognizes ransomware based on behavior, not just its file hash or signature. This helps keep companies ahead against novel attacks. The core detection engine we’re using was originally fielded by the US Air Force. I first became aware of it during a war game against the Air Force (and we lost horrendously). It feels great to commercialize that powerful tech with Upfort so it can be used by companies of all sizes.

Typically, engineering managers come from individual contributor roles and don’t have management experience prior to running their first team. I was able to bring over many Army small-team management systems to Upfort, which proved invaluable while we were scaling up our remote-first engineering team.

We’re also updating vulnerability scans with LLM-based parsers which will synthesize all the network data we retrieve from a host to distill software packages and version numbers with a significantly higher degree of fidelity and confidence.

What are some of the features of the Upfort platform you’re most proud of? 

I think we accomplished what we set out to do with integration and ease of use. A traditional enterprise security stack, as an example, needs to manage at least three website whitelists—one at the content filter, another at the network firewall, and then one for the inbox link sandbox. Our platform combines all three lists into one. An admin simply tells their Upfort Shield they want to allow a website and our software just does the rest. It’s innovations like these that allow Upfort to be a fit for enterprises big and small.