Do Small Companies Need Fractional AppSec Teams Akin to vCISOs?

October 24, 2023 at 01:54PM

Zatik, a consulting firm founded by Kymberlee Price and Jon Callas, aims to address the lack of application security expertise available to small companies. They provide fractional security consulting services, helping startups and smaller businesses incorporate secure-by-design principles into their software development process. Their goal is to establish a security-focused mindset from the beginning and level the playing field for smaller companies.

As discussed during the meeting, one of the fundamental principles of secure-by-design software development is to account for security concerns from the beginning. However, small companies often struggle to access and afford application security expertise, so software is built and shipped without much consideration for security. By the time these companies are able to hire application security professionals, the software has already accumulated security technical debt.

The scarcity of experienced application security professionals and their preference for working at big companies make it difficult for smaller companies to compete for talent. Kymberlee Price, co-founder of the consulting firm Zatik, recognizes that small businesses typically do not have enough work to keep a full-time security professional busy. This is why Zatik offers fractional security consulting services, allowing companies to tap into unicorn-level AppSec expertise on an as-needed basis.

Zatik focuses on building secure products by design, including aspects such as DevOps pipelines, CI/CD, and security controls. They can also assist with building an entire cybersecurity program for companies in the early stages of their development. As Zatik scales, they plan to bring on more staff and leverage partnerships with other experts in specific areas as needed for their clients.

The ultimate goal of Zatik is to help smaller companies develop a security-by-design culture from the start, ensuring that security is integrated into their engineering practices. This not only presents a business opportunity for Zatik but also contributes to improving security practices across the tech industry.
