The Opal Security team is thrilled to welcome Howard Ting as our new Chief Executive Officer! He brings more than two decades of experience scaling cybersecurity and enterprise software companies through periods of rapid growth and category creation. Howard joins at a moment when our customers are expanding quickly, adopting automation and AI-driven development earlier, and relying on Opal as core access infrastructure across their environments.

We sat down with Howard to discuss what drew him to the company, how he sees identity governance evolving, and where he plans to focus as Opal enters our next chapter.

What convinced you that now was the right moment to join Opal—and what did you see in the market that made the decision clear?

Over the past year, I’ve been hearing a consistent theme from CISOs, engineering leaders, and even a few founders I advise: access is getting harder because the way companies operate is changing. More of the meaningful access—and even the identities themselves—now originate inside engineering, automation, and cloud workflows. Standard IAM and IGA tools weren’t designed for any of this.

When I spent time with the Opal team and product, the fit was obvious. It reminded me of the early days at Palo Alto Networks and Nutanix, where the technology was already aligned to where the market was moving. Customer conversations only reinforced that Opal is solving a problem that’s accelerating quickly. That combination of timing, clarity, and real problem–solution alignment made the decision to join straightforward.

Opal sits at the intersection of identity, automation, and AI. From your vantage point, what’s changing in how organizations create and govern access today?

The level of precision expected in access decisions is changing considerably. It’s no longer sufficient to provision someone’s access once and assume it is, and will stay, correct. Organizations now want access to be explainable, time-bound, tied to real usage, and informed by risk.

At the same time, the environments and entities being governed are multiplying. Cloud roles, internal services, SaaS entitlements, and now AI-assisted coding tools all behave differently. Security and IAM teams are being obligated to apply one standard to all of it, which puts far more pressure on the tools and processes they’ve relied on historically.

You’ve led companies through category creation and hypergrowth. What aspects of Opal’s technology or approach stood out to you as fundamentally different?

I’ve been impressed with how directly Opal reflects our customers’ environments. Rather than building everything around request or compliance workflows, the product starts by mapping real access across cloud platforms, internal services, and the tools engineers use every day— including the newer AI coding agents that are now part of many teams’ workflows. That approach gives customers a clearer, more reliable picture to work from.

Another observation that stands out is the stability and flexibility of the architecture as environments grow. Nothing feels bolted on, and the system holds up as customers add scale and new types of identities. These are clear signs of a product with staying power.

Many of Opal’s customers are scaling faster than historical enterprise patterns, especially in AI and cloud. How does that shape the role Opal needs to play?

Fast-growing companies are reaching enterprise expectations earlier than ever. Often, this means the internal team still operates like a startup—but as soon as they’re working with larger customers or preparing for an IPO, the bar for access controls and auditability rises rapidly. AI-driven companies are seeing this shift even sooner because their development cycles move faster, automation expands the number of identities in play, and coding agents introduce new patterns that standard IGA tools don’t account for.

Security and IAM teams end up responsible for all of this at once. What they want is straightforward: a governance layer they don’t have to babysit and that evolves with their environment. Opal already fills this role for many such teams. We’re focused on staying ahead of where their needs are going.

AI coding agents like Cursor, Claude Code, Windsurf, and Cognition are introducing new access behaviors inside engineering orgs. How do you think enterprises should approach governing this kind of automation?

It’s easy to think of coding agents as mere tools. But once they can read repositories, update infrastructure, or trigger workflows, they introduce access patterns that need real governance. The ideal approach is to give agents clear ownership, scoped permissions, and full auditability from the start. This enables teams to embrace the technology without creating a parallel, unmanaged path into production. Opal helps here by modeling humans, services, and agents in one framework instead of treating them separately.

Opal is increasingly being adopted earlier in a company’s lifecycle and deeper into production environments. How do you plan to guide the company as it becomes more central infrastructure?

Becoming core infrastructure understandably changes the expectations customers have of you. Reliability, clarity, and speed matter even more, and the product has to feel predictable even as environments get more complex. My focus is to keep strengthening those qualities while staying close to the patterns we’re seeing in the field—more automation, more system-level identities, and more teams depending on Opal for day-to-day operations. As we move upmarket, the goal is to scale our execution without losing the discipline in the architecture or the responsiveness customers value today.

You’ve built and scaled teams at Palo Alto Networks, Nutanix, Redis, and Cyberhaven. What lessons from those experiences will you apply at Opal?

I’ve learned that great companies stay disciplined about the fundamentals even when they’re growing quickly. Clear priorities, transparent communication, and a willingness to make hard tradeoffs go a long way. I’ve also seen how powerful it is when product, engineering, and go-to-market teams all share the same level of customer obsession. When everyone sees the same problem and the same opportunity, execution gets a lot simpler. Opal already has a strong foundation, so my job is to build upon what’s already here.

As you’ve met Opal’s customers and team, what's impressed you most?

The common thread in every conversation has been how quickly people get to the substance. Customers describe very real operational challenges, and the team here engages with them in a way that’s unusually direct and thoughtful. There’s no hand-waving—just a clear focus on solving the problem in front of them.

I’ve also been struck by how much trust customers place in Opal, especially given how central identity has become to their operations. This level of partnership is hard to build, and it says a lot about the team and product that’s here.

Identity governance historically hasn’t kept pace with how engineering actually works. How do you see Opal closing that gap, especially as enterprises adopt AI and automation?

Standard governance tools were built for a world where access was limited to humans, changed slowly, and was handled through IT workflows. Engineering teams don’t work that way. They rely on automation, infrastructure as code, short deployment cycles, and now AI-assisted tools that generate new permissions as part of everyday development.

Opal closes this gap by meeting those teams where they are. The product models access directly from the systems engineers use, applies policy in real time, and gives security practitioners a way to guide decisions without inserting extra steps. When governance fits naturally into the engineering workflow, it stops being a blocker and starts being a safeguard that the organization can trust.

Looking ahead, what are your priorities for Opal over the next 12–18 months—from product direction to customer partnerships to organizational focus?

My priorities fall into three buckets. First, we’ll keep strengthening the core product so customers can rely on Opal for more use cases across their environment without adding overhead. Second, I want us to stay close to, and build for, the organizations that are stretching the boundaries of identity governance—the ones adopting automation, system-level identities, and AI-driven development at scale—because their patterns will become everyone else’s in a year or two. Finally, I intend to reshape the culture to provide more transparency, higher velocity execution, and better accountability to all of our stakeholders. 

What’s something that Opal’s customers and broader community might be surprised to learn about you?

In late 2005, Microsoft launched Active Directory Federation Services (ADFS), which subsequently became part of Azure AD and later Entra, and I was selected to present the demo with Bill Gates during his keynote at the RSA Conference in 2006. The demo took 90 seconds but the preparation required 90+ days of weekly reviews. In case you’re wondering, the demo ran smoothly—but the preparation is what I will never forget. 

What are you most passionate about outside of work?

My biggest passion outside of work is being the best dad I can be to my three young kids. At this stage of life, they take up most of my available time, energy, and attention—and while it can be nearly impossible to balance everything, it’s also incredibly rewarding and fun. I’m passionate about being present for them: helping with homework, coaching them in sports, wrestling with them, singing pop songs together, or just being goofy and laughing uncontrollably.

Balancing a demanding career with raising 3 kids isn’t easy, and I won’t pretend I’ve fully mastered it. But I won’t allow myself to fail or compromise in either role. That means being intentional with my time, setting boundaries where I can, and constantly reminding myself that the time I have with my kids is precious and fleeting.