Token Adds Former Fortune 500 CISO Torrell Funderburk as Biometric Identity Becomes an AI Security Control Point

Token has appointed veteran cybersecurity executive Torrell Funderburk to its Industry Advisory Board, strengthening the company’s CISO bench as enterprises confront a new identity crisis created by AI agents, deepfakes, and credential-based attacks.

Funderburk is a two-time Top Global CISO who has led enterprise security at Sealed Air, a Fortune 500 company, and Maestro Health, an AXA subsidiary. His appointment gives Token another practitioner voice at a moment when identity security is being forced to evolve beyond passwords, MFA prompts, and traditional access controls.

The Rochester, New York-based company specializes in cryptographic biometric identity assurance, a security model designed to verify that a real, physically present human is behind sensitive access and approval decisions. Token’s Industry Advisory Board includes cybersecurity executives, CISOs, and government security leaders responsible for defending critical infrastructure and large-scale enterprise environments.

The timing is significant. Credential compromise remains one of the most persistent causes of enterprise breaches, and generative AI is making the problem harder to contain. Phishing campaigns can now be customized at scale. Deepfake audio and video can pressure employees into approving fraudulent transactions. Social engineering can move faster than human review processes. At the same time, companies are beginning to give AI agents more operational authority inside business workflows.

That creates a new security challenge: it is no longer enough to ask who logged in. Enterprises now need to know who authorized a high-risk action, whether that action involved moving money, changing privileges, accessing sensitive systems, or modifying production infrastructure.

“The CISOs and security leaders on our Industry Advisory Board live with the consequences of identity failure every day, and that perspective is exactly what shapes where we take this technology,” said Kevin Surace, CEO of Token. “Torrell has built and defended security programs at Fortune 500 scale, across some of the most demanding regulatory environments there are. As the question shifts from ‘who logged in’ to ‘who approved this action – a human or an agent,’ his judgment is exactly the kind we want guiding us.”

Token’s approach is built around binding access and approval to biometric authentication performed on secure hardware. Rather than replacing existing identity systems, the company says its TokenCore product line is designed to integrate with IAM, single sign-on, and privileged access management tools already deployed inside enterprises.

The TokenCore portfolio includes TokenCore Wearable, TokenCore Portable, and TokenCore Node. Together, the products are positioned as a hardware-backed identity layer for organizations that need stronger assurance around both human access and AI-assisted decision-making.

For enterprises experimenting with AI agents, that distinction is becoming more urgent. An AI system may be able to prepare a wire transfer, recommend a permissions change, or draft an update to production infrastructure, but Token’s model is designed to require a verified human before the final approval takes place. In that framework, AI can accelerate work, but it cannot unilaterally complete high-consequence actions without human presence and biometric confirmation.

Funderburk brings experience across manufacturing, healthcare, financial services, industrial automation software engineering, cyber architecture, and enterprise security leadership. He is also the founder and CEO of Overspace, a cyber resilience company launched in 2025 that focuses on Quantified Resilience, an approach aimed at measuring and managing systemic cyber risk.

He has spoken at RSA Conference and CES, written for CSO Online, and serves on the AI Advisory Board at Furman University. Based in Charlotte, North Carolina, Funderburk joins Token’s advisory group as more companies rethink identity assurance for an era where both humans and AI agents may be acting inside the same enterprise systems.

For CISOs, the broader message is clear: the next phase of identity security is not just about stopping stolen credentials. It is about proving human intent at the exact moment an action could create business, operational, or financial risk.