The Founder Stopping Cyber Attacks Before They Start
Our new blog series, “Preparing for Lift-Off: 11 Founders Launching Bold New Startups,” features exclusive interviews with the founders from the latest cohort of our UFirst Summer Accelerator program. We’re sharing their stories and the daring ideas that are moving their companies forward. We’re excited to be working with them this summer, and hope you enjoy hearing about their journeys thus far and where they’re headed.
A seasoned enterprise software expert, Brittany uncovered a startling paradox: most companies were implementing security features after their products were built even while the vast majority of vulnerabilities were created during the development process.Having hit upon this critical realization, Brittany set off to make security an integral component of software development, not an afterthought.
This is part 7 of 11 in our “Preparing for Lift-Off: 11 Founders Launching Bold New Startups” series created in partnership with growth marketing agency Ideometry. Tune in each week for another installment! Check out Part 6 with Tomas Ratia of Frase.
Watch Wabbi pitch at the 2019 UFirst Demo Day Above!
Tell us a bit about Wabbi.
Brittany: Wabbi is a SecDevOps automation platform. There is a whole alphabet soup of cybersecurity solutions — and they’re all important — but application security is particularly important as we have become an application economy. Yet, most cybersecurity security efforts focus on improving detection and response times to minimize damage when a breach happens. But functionally, they’re leaving the front door open and the windows cracked — and those are the vulnerabilities in their code. 9 out of 10 breaches begin with vulnerabilities created in development, 90% of companies don’t begin application security until after code is in production.
Application security is different. It’s about a good process and how you integrate that process into the development pipeline so that you can stop vulnerabilities before they become a risk. That’s what Wabbi does. We take a developer centric-approach to application security, which allows us to start securing your application from the very beginning of the design process. We arm product managers with the right information and know the policies to enable their developers to produce more secure code.
How did you come up with the idea?
Brittany: My background was in the BPA (Business Process Automation) space. While I was at MIT’s Sloan School of Management, I spent some time at Cisco and got a bug for cybersecurity. As I got to know the landscape, I realized that most of the focus was on building lines of defense, rather than fixing the root cause: the vulnerabilities in code. Then, when the Equifax breach happened in September of 2017, the conversation changed: it became centered on security delivering business value. That’s when I started exploring this idea for Wabbi.
At what point did you recognize that you had something you could build a business around, as opposed to just an interesting idea?
Brittany: For one, it came out of conversations with experts in the space. I started hearing repeatedly that security teams wanted to be proactive about application security, but that nobody had designed a platform that enabled them to yet.
Next, I started talking to development teams. They knew that integrating application security into their development process would not just produce more secure code, but drive real business value. Especially as security has become this ominous thing for many — nobody wants to be the person that unintentionally codes in a vulnerability that causes a major security breach.
Through this feedback, I realized Wabbi had to be developer-centric because if it doesn’t succeed with developers, it will never succeed. That was the moment I thought, ‘This is actually a product. This is something people want.’
You’ve mentioned the trade-off between producing secure code and making deadlines. Can you elaborate on that trade-off and why it exists?
Brittany: Development teams are always asking: when is it time to slow downvs. when is it okay to allow this into production and we’ll fix it later? While we’ve seen this with the alignment and automation of Dev and Ops to ensure agility and stability are balanced, security doesn’t have a natural place in this workflow today.
Wabbi isn’t just a security tool, it is a critical business solution that ensures companies no longer have to sacrifice speed for security. For example, think about the login we use to check our personal checking accounts. Imagine a feature is developed for it and a scan finds a vulnerability with medium risk for a DDoS attack. It’s not a great thing, but there are redundancies in place and the damage is mostly around customer satisfaction for the 10 minutes it takes to switch over, so it can be fixed later. Now let’s imagine that same feature with the same vulnerability is used on the login for a trading platform. That is something everybody wants to stop immediately. Seconds of downtime will translate to millions of dollars in damages. But, until now, DevOps couldn’t contextualize the vulnerability results this way without bringing the pipeline to a standstill.
SecDevOps has been an emerging field over the past few years, what do you think is driving the growth of this industry and how do you see Wabbi fitting into this shift?
Brittany: It is the acute awareness of the fact that we live in an application economy. Today every company is a technology company and our foundations are made of code. Additionally, we’ve had enough high-profile breaches to make security a regular conversation not just around the boardroom, but also the dinner table. People understand you have to be proactive about it.
Think about the speed at which code is developed today. The average software company will have 120 releases per year. Think about how quickly that compounds. The number of vulnerabilities grows exponentially as we produce more and more code, increasing the gap between the time to fix them, and the time to find them by the adversaries looking to exploit them. Wabbi helps companies diagnose and prioritize risks from vulnerabilities so that security naturally fits into the development workflow and no longer has to be a competing priority.
What drew you to UFirst? What are you hoping to get out of it?
Brittany: The Underscore team is what attracted me to UFirst. I got to know them and realized the strength of their Core Community and the value it could bring in shaping and accelerating the success of Wabbi. Open source is a big part of our business model and the firm’s reputation and experience in the space speak for themselves.
What is your expectation at the close of the UFirst program? Where are you hoping to be after going through it?
Brittany: By the end of the summer, I’m looking to take this idea to market, bring a much-needed product to our first customers and be in a position to execute on our growth plan for the coming year. While I know the Underscore team and Core Community will help in bringing the pieces together, I’m also looking forward to the lessons I learn from my fellow founders in the program.
Being an entrepreneur, what are some of the biggest challenges you’ve faced along the way?
Brittany: Being vulnerable. Early on, I received the advice to be vulnerable, and I turned my nose up at it. It took me a while to understand its importance. But now I understand that you need to be willing to open up about your problems, discuss your challenges and take feedback in stride.
The other great piece of advice I got was, “you don’t know what you’re doing and that’s okay.”
Starting a business is no easy task. What is the driving force that gets you out of bed every day and motivates you to build your business? What helps you stay focused?
Brittany: As a founder, if you do not wake up every day and say I’m doing this because there is a need for it and I believe in it — then you should move onto the next thing. At Wabbi we are having a real impact on how code is developed to deliver more secure products that enable more secure businesses, and at the end of the day, more secure lives. We cannot realize the full potential of technology unless we have confidence in the security of it. Application security is at the crux of that, and Wabbi is going to change the paradigm of how companies do it.
Tune in every Wednesday for the next ten weeks as we release new interviews from our “Preparing for Lift-Off: 11 Founders Launching Bold New Startups” series. Check out Part 6 with Tomas Ratia of Frase.
Ideometry is a Boston-based full-service marketing agency serving a global client base. With a full suite of creative, development, and strategic services, Ideometry helps startups and Fortune 500 companies alike get the business results they’re looking for. If you’re doing something interesting, we’d love to hear from you. Get in touch with us at ideometry.com or email firstname.lastname@example.org