In the latest edition of our ongoing spotlight series, we sat down with Anthony Ricco, Corellium’s Chief Product Officer, to explore his journey through software development, product innovation, and mobile security leadership. In this candid Q&A, Anthony shares the pivotal moments that shaped his career, what excites him about the future of mobile app security, and why he believes in building products—and teams—that are secure by design.
Q: What originally drew you into software development, and how did that evolve into your current leadership path in mobile security?
It all started when I joined a small web dev shop my brother launched. Joined my brother who had a startup — it was maybe 5 people and grew to 22 people. Did early web development, before any forms of bulletin boards and the first internet.
So I started with my brother. We had a blast. We were making up stuff as we went along. We tried so many business angles — taught me about customers and how to sell to them, market to them, and keep them happy. We built a lot of things.
We did it all. And we didn’t focus on anything." It was my crash course in entrepreneurship, learning how to market, sell, and support products simultaneously. Eventually, I joined a software company that was later acquired by Citrix, where I spent 15 years. That’s where I really grew—riding the wave of a scaling business, jumping on planes, talking to customers, and learning how to bridge technology with user needs.
Q: You’ve held roles ranging from developer to CMO to CPO. What’s the common thread across those experiences?
At my core, I’ve always been a builder. I started out in engineering but found myself gravitating toward product management. I loved working directly with customers, which eventually led me into marketing and go-to-market roles. I’ve bounced between building things and figuring out how to bring them to market. That back-and-forth has shaped how I lead product today—always through a customer lens.
Q: What do people still misunderstand about mobile application security today?
There’s a huge misconception that mobile apps are secure just because they’re on secure devices like iPhones or Android. People assume the platform takes care of everything—but it doesn’t. Businesses are responsible for ensuring their apps are secure. You can't outsource that responsibility to the device manufacturer. Apps must be tested thoroughly—there’s no shortcut there.
Q: What sets Corellium apart in how we approach mobile and IoT security testing?
One word, virtualization. At Corellium, we create digital twins—virtual replicas of devices, whether it’s an iPhone, a thermostat, or a connected car system. That’s where the magic happens. You can break things apart, inspect every layer, take snapshots, and test in ways you simply can’t on physical devices. And with virtual, you can spin environments up or down instantly, take snapshots, and track changes over time. It's secure, scalable, and incredibly efficient.
Q: Why did you originally join Corellium? What was the draw?
It was the tech—hands down. I’d worked across the mobile security space and hadn’t seen anything as polished as Corellium’s platform. The CHARM hypervisor is one-of-a-kind. But it was also the people. I believed in the founders—Chris and Amanda. When I came on board, we were a team of 20 and everyone wore multiple hats. I joined as CMO, but my goal was to help build a go-to-market engine from the ground up.
We were really trying to build something from scratch. We all try to bring in great people, but almost all the people at Corellium came in because they knew someone here.
We started adding to the team, growing. And now we’ve got executive leaders that have very detailed domain experience. I focus on the product side which I have the longest history in. We have 4 or 5 other executives that could focus on sales, marketing, on finances, and operations.
Q: What do you think about building product cultures that are both innovative and secure by design?
It starts with the team. We bring in people who are domain experts, who’ve lived the pain points our users face. That gives us perspective and keeps us grounded. I don’t want folks who just follow directions—I want people who can challenge ideas and bring strong opinions based on experience. We argue—but that friction is healthy. It’s how we stay sharp and build products that actually solve problems.
Q: What’s your vision for mobile security and Corellium over the next 3–5 years?
We’re at an inflection point. The only way forward is to shift security left—fully integrated into the dev process, supported by automation and AI. Right now, AI is helping coders with mundane tasks or simple how-to's. It's not yet reached the stage of, ‘Hey, you should code it this way or that way, because it's more secure.’ That's even more evolved AI.
As long as we just keep an eye on that, and start our research on that, and work on that, and know that's where it's heading.
That's a different beast.
Q: Outside of work, what keeps you grounded or inspired?
My teenage kids—they’re everything. My schedule revolves around them. Watching them perform or compete is pure joy and a complete mental reset. I also play racket sports and golf when I can. I’ve been working remotely since before it was cool, and I love it. Those weekends with my kids? They used to be exhausting. Now, they’re energizing.
Join a Team That's Revolutionizing Mobile Security
Want to work alongside experts like Anthony at Corellium? Check out our open positions at Corellium Careers.
Keep reading
Maximize iOS Application Security: Stop Wasting Two-Thirds of Your Mobile App Pentesting Efforts
How to Reverse Engineer iOS Apps with Hopper, Ghidra & R2Frida
