October 24, 2023 at 01:47PM
Secure-by-design software development emphasizes the need to incorporate security considerations from the beginning. Small companies often struggle to access and afford application security expertise, resulting in insecure software. Zatik, a consulting firm founded by Kymberlee Price and Jon Callas, aims to provide fractional security consulting services to help startups and smaller businesses establish secure software development practices. Their focus is on building secure products, DevOps pipelines, CI/CD, and security controls. The goal is to instill a security-by-design ethos early on in the company’s growth.
The key takeaways from the meeting notes are as follows:
1. Small companies often struggle to prioritize and allocate resources for application security expertise during the early stages of software development.
2. By the time small companies have the capacity to hire application security professionals, their software may have already accumulated security technical debt.
3. Best-in-class product security professionals and security-aware developers are rare and in high demand, making it challenging for small businesses to compete.
4. Zatik, a new consulting firm founded by Kymberlee Price and Jon Callas, aims to address this problem by providing fractional security consulting services to startups and smaller businesses.
5. Zatik focuses on building secure-by-design software and helping companies establish a security program that covers areas such as DevOps pipeline, CI/CD, and security controls.
6. Zatik can also assist with building a cybersecurity program, recommending technology stack improvements, and making introductions to relevant partners.
7. As Zatik scales, they plan to expand their team and collaborate with partners to offer expertise in various areas of security.
8. The ultimate goal is to help small companies adopt a security-by-design ethos from the beginning, enabling them to grow with a strong security foundation.
9. Early engagement with Zatik can cultivate a culture where secure development practices become ingrained in the company’s processes, rather than being retroactively added by a separate security team.