We work best with companies that…

• Need full-time security

  Most startups don’t. That’s a good thing. If that’s you, enjoy it while you can!

  The obvious sign that you need full-time security is “you’re trying to put together a hiring req for a security engineer”. Some subtler signs:

  • Your customers are demanding security assurance as a condition of doing business. You’re burning time filling out questionnaires.
  • You’re burning so much time securing systems and code that your engineers are having trouble getting features done.
    
    

• Are technology-driven

  We’re software security people. If your company doesn’t do much software development, we’re not a great fit.
  We help with the “boring” policy and controls stuff, too; we want to own the whole security practice. But to get value out of us, your security problems should be definable in code.

• Can give us access

  Lots of companies are itchy about giving access to remotes and contractors. That concern makes sense. But we’d be your security team; we’ll need access to things.
  We can talk in detail about how we manage authentication and secrets, and we can be flexible. But we don’t work well with startups that expect to cordon us off with other contractors.