Joni Klippert
Podcast Appearances
At the rate that code is changing, there's no way that you could actually pass those alerts to that person. All that's really doing is increasing your time to know and increasing your time to resolve uptime issues.
So when that company, VictorOps, was acquired by Splunk in 2018, I had the opportunity and a lot of support from CEOs I'd worked for and investors to go out on my own and start a new company. And I didn't exactly know what it would be. I know I built a lot of domain and digital transformation over about 10 years. So it's something I knew a lot about.
I started researching what felt like the last mile of DevOps, which is how is it that our security teams are so far behind?
I'd be introduced to different security folks during DevOps Days enterprise conferences, and they're like, we're just here to figure out how we can operate in a landscape where teams are deploying to production so fast because none of their tooling or processes were capable of keeping up with that pace. The very first thing I was researching was pen testing as a service.
I just thought it's so intellectually dishonest to have a human being attack your application and provide you with a PDF report of your vulnerabilities. And you're like, sweet, we're safe for the next year. Are you kidding? Like you deployed by the time that PDF was printed on a piece of paper. It's already out of date. How do we automate this process?
And so I talked to 50 different CISOs and VPs of engineering about their experience. And they just kept saying, it's not about the pen test. Third-party validation is great, but there's this technology that they use called DAST, dynamic application security testing. And if you could automate DAST, that would be amazing. And I was like, okay, I'm not that smart. Why is nobody automating DAST?
Is this crazy complicated? I know we're about to figure out what it was. That was how the company was founded. And I was on that customer development tour and I met my co-founder, eventual co-founder, Scott Gerlach. And for him, he'd been a practitioner for a long time. So he was the CISO at SendGrid through the acquisition by Twilio.
And before that, he ran functional security teams throughout GoDaddy for 10 years. And so he also had a very interesting disdain for products that were available because it was his job to try to make cybersecurity tooling accessible and approachable to software engineers in 10, 15 years of operating security teams. And he knew how deficient they were.