David Schwed is a cybersecurity executive, researcher, attorney, and academic who specializes in digital asset security, non-human identity (NHI) risk, and security architecture in cryptocurrency and artificial intelligence (AI) systems. He is the COO of SVRN, the commercial and capital arm of the NEAR ecosystem, focused on bringing privacy-preserving AI, interoperable transaction infrastructure, and actively managed network treasury strategies to enterprise and public-market contexts. [1] [2]
Schwed earned a Bachelor of Science degree in Business, Economics, and Finance from Empire State University. He later pursued a legal education, graduating from the Maurice A. Deane School of Law at Hofstra University with a Juris Doctor in 2012. [1] [2]
Schwed began his career in the late 1990s, holding information technology and infrastructure roles in systems administration, engineering, and project management at financial firms including Citicorp, Merrill Lynch, and Marsh & McLennan Companies. From 2000 to 2006, he worked at Citi, where he progressed from infrastructure and operations management to roles in audit, risk review, and enterprise technology oversight. In 2006, he had a brief tenure at Grant Thornton as a Senior Supervising Consultant, focusing on technology and risk-related client engagements.
Later in 2006, Schwed joined BNY Mellon as a Senior Vice President in Enterprise Threat Management and Service Provider Management. In this capacity, he led efforts related to cybersecurity threat detection, third-party risk oversight, and compliance with financial services regulations, advising business units on risk mitigation. In 2008, he co-founded MASS Communications, a telecommunications network management company. He served as its General Counsel, Chief Information Officer, and an executive leader, overseeing company operations, compliance, and infrastructure development until it was acquired by Windstream Enterprise in 2018.
Following the acquisition, Schwed transitioned into senior leadership roles within the digital asset and financial technology sectors. He was the Managing Director and Chief Information Security Officer (CISO) at Galaxy Digital from 2018 to 2019, where he was responsible for establishing the firm's information security programs. From 2019 to 2021, he served as Chief Information Officer at RTI Cable, directing the technology strategy for its global telecommunications infrastructure. He returned to BNY Mellon in 2021 as the Global Head of Digital Assets Technology, a role in which he led the enterprise-wide technology strategy for the bank's digital asset services until 2022.
From 2022 to 2024, Schwed served as Chief Operating Officer at Halborn, a cybersecurity firm specializing in blockchain security. Subsequently, he was appointed CISO for brokerage and money services at Robinhood, a position he held from 2024 to 2025. Since 2025, he has served as the Chief Operating Officer of SVRN, while continuing to advise and invest in early-stage technology companies.
Since 2014, Schwed has acted as an expert witness in civil and criminal cases involving computer forensics, cybersecurity, and cryptocurrency matters, providing expert analysis and testimony. He has also held multiple academic appointments, including serving as a founding director and professor for graduate cybersecurity programs and as a Special Professor of Law, where he taught courses on cybersecurity and entrepreneurship law. In addition to his formal roles, Schwed has chaired cybersecurity advisory boards, participated in professional certification bodies, and served as a mentor in accelerator programs for technology and digital asset companies. [1] [2]
In a January 2026 episode of the Security Table podcast, Schwed argued that modern crypto organizations must rethink security by treating non-human actors—such as smart contracts and automated transaction systems—as first-class identities subject to the same guardrails as human employees, including principles like zero standing privileges. He criticized the industry’s heavy reliance on audits and on-chain monitoring, noting that audits are only point-in-time checks that often miss zero-day vulnerabilities and should not substitute for strong internal security programs built around continuous threat detection and control. Schwed emphasized starting with rigorous threat modeling to identify risks and define protections early, rather than assuming engineers can anticipate every security concern. He also discussed the combined use of large language models and formal verification, describing LLMs as force multipliers for security work and formal methods as essential for providing mathematical guarantees about system behavior, despite their implementation challenges. Throughout the conversation, he stressed that vulnerabilities must be addressed before launch, warning that retrofitting security after deployment is risky and inefficient. He also highlighted the important distinction between engineering and security expertise, arguing that effective protection requires dedicated security specialists rather than treating security as an afterthought. [4]
In a November 2025 appearance on the Crypto Voices podcast, Schwed discussed how crypto security fundamentally differs from traditional security, emphasizing the need for highly preventative systems and rapid incident response given the irreversible nature of on-chain actions. Drawing on his experience as former CISO of Robinhood and his work at Sovereign AI, he noted that while individual and corporate risk profiles in crypto are often treated as distinct, they share many underlying vulnerabilities that are frequently underestimated. Schwed highlighted a troubling rise in physical attacks against visible founders and operators, underscoring that crypto risk extends beyond the digital realm. He also addressed systemic concerns, including the long-term threat that quantum computing could pose to existing encryption standards across the broader financial system, and the widening gap between the availability of privacy-preserving technologies, such as zero-knowledge proofs, and their slow regulatory adoption. Throughout the conversation, he advocated informed self-custody for sophisticated users, cautioned against overreliance on AI in cybersecurity without proper oversight, and pointed to a cultural shift in crypto as new participants enter without a deep understanding of historical risks, underscoring the importance of education, privacy-respecting compliance, and sound security practices. [5]
In an August 2023 interview on the Frens Validator podcast, Schwed, then COO of Halborn, examined the long-running debate between open-source and closed-source security models through the lens of crypto infrastructure. He traced the roots of the discussion to earlier software transitions such as Unix to Linux, noting that open source leverages community scrutiny to surface bugs quickly but also exposes vulnerabilities to attackers, effectively functioning as a large, informal bug bounty system. Schwed emphasized that this dynamic becomes riskier when project forks fail to patch known issues and when ethical hackers lack incentives to responsibly disclose vulnerabilities. By contrast, closed-source systems often rely on institutional trust and reputation rather than transparency, which can sustain security at scale but limits independent verification. He also highlighted the trade-offs between security and usability, arguing that a poor user experience remains a barrier to adoption, and used Ledger’s subscription-based seed-recovery feature as an example of how convenience-driven design can undermine core security assumptions. Throughout the discussion, Schwed stressed that crypto security is not binary and should be evaluated contextually, with users tailoring protections to their risk profiles, asset exposure, and trust assumptions. [6]
In a December 2025 panel on Nasdaq TradeTalks hosted by Jill Malandrino, Schwed joined Alex Rich of GitGuardian, Gil Geron of Orca Security, and Ben Goodman of Silverfort to discuss the growing cybersecurity risks posed by non-human identities (NHIs). The panel emphasized that NHIs—such as service accounts, bots, and automated processes—now vastly outnumber human identities, often by ratios of 50 to 1, with an estimated 40% remaining ungoverned and therefore highly exploitable. Speakers highlighted how the push for faster deployment and innovation frequently outpaces security controls, a problem compounded by AI-assisted coding tools that can unintentionally introduce weak practices. Throughout the discussion, the panel stressed the need for stronger governance, identity discovery, and enforcement mechanisms for NHIs, as well as better alignment among engineering, security, and executive leadership. The conversation concluded with a shared view that organizations must embed security into development workflows to manage NHI risk effectively without constraining innovation. [3]