Home
News
Tech Grid
Interviews
Anecdotes
Think Stack
Press Releases
Articles
  • AIApplication Security

Token Appoints Former CISA CIO Robert Costello to Advisory Board


Token Appoints Former CISA CIO Robert Costello to Advisory Board
  • by: Business Wire
  • |
  • July 9, 2026

As organizations strengthen identity security against evolving AI-driven cyber threats, Token has appointed former Cybersecurity and Infrastructure Security Agency (CISA) Chief Information Officer Robert Costello to its Industry Advisory Board. The appointment brings extensive federal cybersecurity and digital modernization expertise to support the company's biometric identity assurance strategy for enterprises and critical infrastructure.

Quick Intel

  • Token appoints former CISA CIO Robert Costello to its Industry Advisory Board.
  • Costello brings more than 20 years of cybersecurity, digital modernization, and public sector leadership.
  • The advisory board helps guide Token's biometric identity assurance strategy.
  • Token highlights growing identity risks driven by AI-powered phishing, deepfakes, and social engineering.
  • The company recently expanded its biometric architecture to secure human approval for high-risk AI actions.
  • Token's identity platform integrates with existing IAM, SSO, and PAM environments.

Token Strengthens Advisory Board with Former CISA CIO

Token has announced the appointment of Robert Costello to its Industry Advisory Board, adding decades of cybersecurity and government technology leadership to the company's strategic advisory team.

The board consists of senior cybersecurity executives, chief information security officers, and government security leaders who advise Token on identity assurance challenges facing enterprises and critical infrastructure organizations.

Costello currently serves as Chief Digital and Information Officer at Merlin, following his previous role as Chief Information Officer at the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

"The CISOs and security leaders on our Industry Advisory Board live with the consequences of identity failure every day, and that perspective is exactly what shapes where we take this technology," said Kevin Surace, CEO of Token. "Robert has modernized and defended technology at the scale of national infrastructure, under constraints most enterprises never face. As the question shifts from ‘Who logged in?’ to ‘Who approved this action — a human or an agent?’, his judgment is exactly the kind we want guiding us."

Addressing AI-Driven Identity Security Challenges

Token announced the appointment as organizations face growing identity-related cybersecurity risks fueled by advances in artificial intelligence.

According to the company, AI-powered phishing, deepfake technology, and increasingly sophisticated social engineering attacks continue to expose weaknesses in traditional credential-based authentication systems.

The emergence of AI agents capable of executing operational tasks has also introduced new governance requirements, particularly around verifying human approval for high-impact actions such as releasing payments, modifying production environments, or changing access permissions.

To address these challenges, Token recently expanded its biometric identity architecture to ensure that sensitive actions require approval from a verified individual who is physically present, even when AI agents prepare or recommend those actions.

Biometric Identity Assurance for Enterprise Security

Token's identity assurance platform combines on-device biometric authentication with secure hardware to verify the individual behind every authentication request rather than relying solely on passwords or traditional credentials.

Its TokenCore product portfolio—including the TokenCore Wearable, TokenCore Portable, and TokenCore Node—is designed to integrate with existing identity and access management (IAM), single sign-on (SSO), and privileged access management (PAM) infrastructures without replacing existing enterprise identity systems.

The company positions its technology as an additional layer that strengthens identity verification while reducing risks associated with credential theft and account compromise.

Costello Brings Public Sector Cybersecurity Experience

Costello currently leads digital strategy, enterprise architecture, AI adoption, and secure technology modernization at Merlin for public sector and critical infrastructure organizations.

Before joining Merlin, he directed major modernization initiatives at CISA covering zero trust architecture, cloud adoption, identity management, enterprise applications, and mission technology.

His career also includes leadership positions at multiple U.S. Department of Homeland Security agencies, including Customs and Border Protection (CBP) and Immigration and Customs Enforcement (ICE), along with experience supporting federal civilian technology programs.

A U.S. Air Force veteran and Certified Information Systems Security Professional (CISSP), Costello brings operational cybersecurity experience spanning government modernization and enterprise technology deployment.

The appointment reinforces Token's focus on advancing biometric identity assurance as organizations seek stronger identity controls to address both human and AI-driven security risks.

 

About Token

Token provides biometric-assured identity solutions for enterprises that need to stop credential theft, phishing, social engineering, and account takeover at the point of access. Token products combine biometric fingerprint verification, secure hardware, FIDO2 and WebAuthn authentication, and wireless ease of use to ensure that only the right person can access critical systems. Token protects workforce access across modern enterprise applications, identity providers, and cloud platforms.

Founded in 2014 and backed by Grand Oaks Capital, Token delivers secure, passwordless authentication solutions that help organizations reduce identity-based risk and strengthen workforce security. For more information, visit www.tokencore.com.

  • CybersecurityPasswordlessEnterprise SecurityZero TrustIAM
News Disclaimer
  • Share