Technical Marketer · Cybersecurity Strategist

Making technical messaging
feel simple and inevitable.

I translate hard technical problems into sharp market strategy — positioning, messaging, and launches that build pipeline and move markets.

By the numbers

$21M Pipeline influenced in one launch
80+ Assets, one product launch
#1 Ranking in Forrester WAF Wave, 2025
7+ Years in cybersecurity
3 Industry-leading companies

About me

I live at the intersection of security, story, and strategy.

I've spent 7+ years at the intersection of technical strategy, risk communication, and marketing, making complex security concepts actionable. My career spans application security, data governance, and AI protection — giving me a deep, practical understanding of modern threat vectors and compliance landscapes.

I specialize in translating technical specifications into robust frameworks, driving cross-functional alignment across engineering and compliance teams, and building metrics-driven strategies. A self-driven technical strategist, I leverage advanced process development and custom AI automation to streamline workflows and manage risk. Whether architecting market positioning or designing internal governance and communication strategies, my focus is on making strategy and risk mitigation easy to understand for any stakeholder.

My full legal name is Catherine Maris Dobbins, but I usually prefer to go by Catherine Newcomb (my maiden name) in a professional context.

Messaging & Positioning Go-to-Market Analyst Relations Sales Enablement Competitive Intelligence Content Strategy Compliance & GRC
Catherine Newcomb speaking at RSAC

Writing & Research

Content that informs
and converts

View all writing →

Research Report · Cloudflare · 2024

State of Application Security, 2024

Annual Cloudflare research report analyzing web application and API security trends. Uncovers threat vectors, protection mechanisms, and industry benchmarks using first-party analysis of Cloudflare's global network data.

Whitepaper · Varonis · 2022

US Data Protection and Privacy

Survey of key U.S. consumer data protection and privacy legislation — FCRA, GLBA, SOX, HIPAA, and state-specific data privacy laws — for legal, compliance, and security audiences.

Presentations & Speaking

On stage, on camera,
on demand

View all →

Webinar · Cloudflare + Forrester · 2026

Practical Tips for Securing Public-Facing AI Apps and Cutting Through the Noise

Joint webinar with Forrester covering AI application security challenges, prioritization strategies for security teams, and a market look ahead. Co-presented with Sandy Carrielli (Forrester) and James Todd (Cloudflare).

Techstrong TV · The Last Great Cloud Transformation

Safeguarding Innovation by Strengthening External Security

Episode 7 of Techstrong TV's cloud transformation series — covering how organizations protect external-facing infrastructure without slowing down innovation.

Behind the scenes

How I built this

I write about AI and application security for a living, so I wanted this site to actually run on the stack I cover — not just describe it. The front end, the "Ask Catherine" assistant, and its guardrails are all things I built and can speak to firsthand.

The website itself

Every page in my portfolio is custom-built with Claude as my coding partner and me directing the design decisions. Avoiding an off-the-shelf web builder helped keep the site fast, lightweight, and iterable.

Hosting

The website is hosted on Cloudflare Pages and deployed straight from Git. Static assets are served from the edge to improve load times. It was super fast to spin up!

"Ask Catherine" AI assistant

A serverless function calls Cloudflare Workers AI (Llama 3.1 8B) and lets visitors ask about my background and work to get conversational answers instead of a static bio.

Chatbot abuse protection

The AI endpoint uses Cloudflare AI Gateway for logging and content guardrails, and system prompts provide strict scope limits so it only speaks to my work. Prompt-injection detection and per-IP rate limiting keep it from being misused.

Contact form

A serverless function uses the Resend API for email delivery straight to my inbox. I didn't use any third-party form embeds or trackers.

Security hardening

Beyond the AI assistant security I implemented, I also added site-wide rate limiting, DDoS mitigation, and WAF rules using Cloudflare's Application Security products.

HTML / CSS / JS Cloudflare Pages Workers AI AI Gateway Resend Claude Code

Get in touch

Let's work together

Whether you're looking to sharpen your positioning, plan a launch, or just want to talk cybersecurity strategy — I'd love to hear from you.