How to Scale Your Application Security Program
Building on Past AppSec Experiences
There’s no such thing as overnight success. Especially in business. But when the right opportunity arises, you must grab onto it and hold fast. Spotting the opportunity of a lifetime requires both timing and luck. It also takes a rare combination of skill, experience, patience, and guts to seize that opportunity and turn it into a viable business.
I spent the early years of my career working at Bell Labs, where I had the chance to learn first-hand from some of the most brilliant scientists and engineers in the world. To my youthful eyes, they were like wizards and sorcerers. When a small group of those luminaries launched a startup in 2000, I leaped at the opportunity to join them.
I think you can see where this story is going. We built a beautiful product that was far superior to anything else in its class. And then we learned the hard way that, despite its remarkable elegance and wonderful efficiency, there was no market for our product.
Who taught us this extremely painful lesson? The people whom we had hoped would use the product! In our zeal to build a truly unique product, we had failed to ask our potential customers if they would actually use it.
It was an excruciating moment and it transformed my life. Since then, I have launched several businesses, and the difficult lessons I learned from that early startup have served me well. Now that I am older and wiser, I look for problems that urgently require practical solutions. In 2017, Ganesh Krishnan and I co-founded Avid Secure, a platform that combines AI-based cloud security analytics, compliance, and automation to provide customers with end-to-end protection in public cloud services such as AWS, Azure, and Google. Essentially, we melded the power of AI and the efficiency of automation to simplify governance, compliance, and security monitoring for public cloud users.
And believe me, we didn’t pick those capabilities out of a hat. We made absolutely certain there would be a need for our platform and the market, in turn, proved the value of our platform. The success of Avid Secure gave me the boost of confidence I needed to respond quickly when the next challenge presented itself - as it did with ArmorCode.
Introducing ArmorCode - the 10x AppSec Force Multiplier™
Here’s the ArmorCode story in a nutshell: In a typical application development scenario, the developers (who already outnumber the security engineers by a ratio of 100 to 1) race ahead, leaving the security team to play catch-up. Code scanning becomes a feverish endeavor, and application security issues that should have been resolved easily become thorny problems.
Simple automation tools can generate a deluge of findings and tickets, which adds to the confusion by creating more manual work. Instead of harmony and cooperation, you have finger-pointing and frustration within and between teams.
I saw a clear need amid the chaos to create a new platform that would harmonize the efforts of essential players, reduce confusion, and streamline workflow across the software development lifecycle (SDLC).
And that’s when my three decades of experience and hard work proved indispensable. I huddled with advisors, mentors, colleagues, entrepreneurs, and investors. It didn’t take us long to realize that we had the opportunity to build a platform that would define and energize a new category.
The result of our effort is ArmorCode, an innovative platform for enabling and orchestrating all of the essential functions and processes of Application Security Posture Management (ASPM), Risk-Based Vulnerability Management (RBVM), and Software Supply Chain Security.
Scale Application Security with AppSecOps
Whoa, what is AppSecOps? That’s the new category I mentioned previously, and it’s evolving even as you read this post. AppSecOps is the process of identifying, prioritizing, and remediating Application Security vulnerabilities and risks - fully integrated with existing DevSecOps workflows, teams, and tools. Our visionary approach to intelligent automation ensures that developers aren’t driven crazy by floods of tickets they need to resolve.
Pioneering a new category involves breaking the old paradigm, busting up the status quo, and inventing fresh strategies for solving new kinds of problems. That’s exactly what we’re doing with ArmorCode. Instead of relying on a chaotic assortment of tools and point solutions, we offer an AppSec platform that does it all, without the turmoil and friction created by disconnected processes, multiple silos, and misaligned incentives.
The good news is the industry likes our approach – we have 150+ AppSec integrations and a solid foundation of customers. We’ve combined AppSec posture management, vulnerability management, and continuous compliance solutions into a single holistic platform.
The platform empowers our customers to create, share, manage, and track DevSecOps workflows and SLAs, enabling them to “shift left” without sacrificing speed, scale, or security. We call ourselves the “AppSec Force Multiplier™,” and we help our customers ship secure software and ship it fast.
I think that my former colleagues at Bell Labs would be proud of what we’ve accomplished here at ArmorCode and that they would be thrilled to see how the lessons I learned as a youthful entrepreneur were never forgotten.
