Joni Klippert
Podcast Appearances
We decided the deployment mechanism that the scanning capability is deployed in the client site. So via Docker or within your CLI. And the choice to do that has a lot of benefit for the customer. When the scanner's running and it's sending thousands of attacks, you don't want those attacks to traverse the internet because it's going to take a very long time for that scan to run.
So if it's instead running right next to where your code lives, your code base is, that round trip time is really fast. But the thing that it did for StackHawk is we aren't having to scale the scanning engine ourselves. I'm Joni Klippert, CEO and co-founder of StackHawk.
StackHawk is an API security platform. We help teams understand their API landscape and application landscape, which informs what should be tested. And StackHawk has a very robust API security testing platform, which was the very first capability we came out with. There's a realm out there called pen testing, where you hire a human to attack your web properties to ensure that you're safe, right?
It's part of SOC 2 compliance. You have to have pen tests on some regular cadence. Maybe it's yearly, six months, quarterly, whatever it might be for your organization. And they attack the running app and they give you a report of vulnerabilities that For us, we believe that much of that, other than the third-party validation, can be automated.
So we help companies test their applications and APIs for vulnerabilities, and we help the software engineering team actually fix those bugs before they deploy to production. So I'd been building software for software engineers for about 10 years before we started. I went to a company called VictorOps. They were super early. We were a competitor to PagerDuty.
At that business, the idea was, OK, DevOps is a thing. We're deploying code to production so frequently at this time. The idea that you should send alerts about uptime or latency or downtime or anything with your production assets to neckbeards eating Cheetos, watching dashboards, wondering what's going to break, and then they would be the first line of defense to fix things.
At the rate that code is changing, there's no way that you could actually pass those alerts to that person. All that's really doing is increasing your time to know and increasing your time to resolve uptime issues.