About Us

Fugue ensures cloud infrastructure stays in continuous compliance with enterprise security policies. Our solution identifies cloud infrastructure security risks and compliance violations and ensures that they are never repeated. Fugue provides baseline drift detection and automated remediation to eliminate data breaches, and powerful visualization and reporting tools to easily demonstrate compliance.

Fugue automates compliance audits with out-of-the-box frameworks for SOC 2, ISO 27001, HIPAA, GDPR, NIST 800-53, and CIS AWS and Microsoft Azure Benchmarks, and supports custom policies. Fugue works with CI/CD pipelines to ensure compliance and prevent unauthorized change. Customers like SparkPost, PBS, and SAP NS2 rely on Fugue to protect against cloud risks and enforce compliance.

The company has raised a total of $74MM from investors including New Enterprise Associates, The Maryland Venture Fund, and Core Capital Partners. With offices in Frederick, MD, Washington, DC, and San Jose, Our devoted team of more than 30 skilled engineers and talented creative professionals combines decades of experience with fresh vision and relentless quality control to deliver an innovative approach that works, while adhering to our shared cultural principles.

Our Leadership

Phillip Merrick
Chief Executive Officer
Phillip Merrick
Josh Stella
Co-founder & Chief Technology Officer
Josh Stella
Gus Bessalel
Chief Financial Officer
Gus Bessalel
Richard Park
Chief Product Officer
Richard Park
Andrew Wright
Co-founder & Vice President of Communications
Andrew Wright
Jared Elder
Vice President of Marketing
Ankush Khurana
Vice President of Customer Success and Solution Architecture
Wayne Crissman
Director of Security
Wayne Crissman

Our Advisors

Frank Slootman
ServiceNow & Snowflake
Ben Fathi
Cloudflare & VMware
Dave Merkel
Expel & FireEye
Chad Fowler
Microsoft & Wunderlist
Joe Payne
Code42 & Eloqua
Amena Ali
VividCortex & Earth Networks
Declan Morris
Splunk & Adobe
Steven Murray

Our Investors


Where Are We Located?

  • Location Details

    Fugue Offices

    San Jose, CA

  • Location Details

    Fugue Offices

    1800M St. Suite 510N Washington, DC 20036

  • Location Details

    Fugue Headquarters

    47 E. All Saints St. Frederick MD 21701

Career Opportunities

Join The Fugue Team

From Our Blog

Featured Articles

  • A Technical Analysis of the Capital One Cloud Misconfiguration Breach

    UPDATE: August 26, 2019 Since posting this, AWS has made some public statements regarding the breach that shed some light on what likely happened. From their response to Senator Ron Wyden, AWS stated: "As Capital One outlined in their public announcement, the attack occurred due to a misconfiguration error at the application layer of a firewall installed by Capital One, exacerbated by permissions set by Capital One that were likely broader than intended. After gaining access through the misconfigured firewall and having broader permission to access resources, we believe a SSRF attack was used (which is one of several ways an attacker could have potentially gotten access to data once they got in through the misconfigured firewall." "As discussed above, SSRF was not the primary factor in the attack. We are not aware of any other noteworthy SSRF compromises of AWS customers." Much has been made of the likely SSRF aspect of the breach, but as AWS makes clear, it was not the primary factor in the attack. Overly permissive configuration of cloud resources was. This post describes in detail some ways those resources may have been misconfigured and those misconfigurations exploited.   ORIGINAL POST: August 1, 2019 This is a technical exploration of how the Capital One breach might have occurred, based on the evidence we have from the criminal complaint. I want to start by saying that I deeply respect the Capital One cloud team, and have friends on it. They've been leaders in cloud computing, and what happened to them could have happened to nearly anyone. I'm also not criticizing Amazon Web Services (AWS)⁠—my previous employer. They offer secure services and I have nothing but respect for them. The purpose of this post is to explore a combination firewall/IAM/S3 attack to illustrate some of the dangers of cloud misconfigurations that every organization on cloud should heed.

    Read More
  • 5 Things Executives Need to Know About Cloud Security

    For twelve years I’ve held executive management positions at companies making significant use of the cloud. Now I have the privilege of helping lead Fugue, a leading provider of cloud security and compliance solutions. Along the way I’ve found that senior executives—both at technology companies and outside the tech industry—sometimes struggle to understand the security implications of moving to the cloud. It’s common for executives to simply make blanket declarations that the cloud will never be secure enough for them (untrue), or alternatively to hold the belief that the cloud service providers like Amazon, Microsoft and Google take care of all the security issues for you (also untrue).

    Read More
  • Shifting Left on Cloud Security and Compliance

    We're hearing a lot about “shifting left” these days in the industry, and like most popular terms the meaning can be hard to pin down, and some of the implications buried. This post will focus on how to shift security and compliance left in cloud computing. These two functions are closely related, but the operational aspect of each is quite different. However, before we get into specifics, it might be helpful to define what we mean by shifting left in general.  

    Read More