Most cybersecurity startups build products for finders, not fixers.
When software is built for cybersecurity professionals rather than software engineers, StackHawk CEO Joni Klippert said, companies are left with countless unnecessary pull requests, jarring sprint development interruptions and potentially malicious attacks.
In July of 2019, Klippert co-founded StackHawk, a cybersecurity startup built by software engineers, for software engineers. And on Tuesday, just a month after its public launch, the Denver startup announced it raised $10 million in Series A funds.
“We are excited about what we have built already, but there is so much more we want to do,” Klippert told Built In.
Traditionally, most companies conduct application security testing a few times a year through quarterly penetration tests or scheduled scans of the production application. Companies like the Burlington, Massachusetts-based Veracode or Boston-based Rapid7 look for vulnerabilities after a product is already in production, Klippert said, “which is just a really inefficient workflow.”
StackHawk, on the other hand, implements a security testing protocol before an application is pushed into production, a trend in the industry known as “shifting security left.” By constantly scanning code through dynamic application security testing — or scanning the running application by simulating the operations of an attacker looking to breach a business’ data — Klippert said StackHawk helps businesses to continuously deploy safer products.
The startup also says it helps businesses bridge the talent shortage of cybersecurity professionals. By 2021, experts estimate there will be 3.5 million available, but unfilled, cybersecurity jobs.
“StackHawk, by automating application security in the CI/CD pipeline, and putting it in the hands of software engineers, allows our customers and companies to really scale their security program without needing additional humans,” Klippert said.
In the next few weeks, StackHawk plans to unveil additional reporting security capabilities, as well as a people management tool within the app. Klippert said the company’s “next big project” will be implementing single sign-on, which will allow multiple users using several devices from a single company to access StackHawk through a single login.
The startup also plans to invest the Series A round in growing its team — with plans to hire marketing, sales and product leaders — as well as supporting the open-source project Zed Attack Proxy that the company’s platform is built on. In July, the company hired ZAP founder Simon Bennetts as a distinguished engineer, with the idea that he would work at StackHawk and continue to develop the most commonly used open-source security scanning platform.
“He had been building this capability for 10 years with his core contributors, and was excited to join our team to continue to put assets in the hands of software engineers,” Klippert said.
The Series A round brings total investment in StackHawk to $14.6 million. Sapphire Ventures led the round, with participation from Foundry Group, Costanoa Ventures, Flybridge Capital and Matchstick Ventures.