Today, I am incredibly excited to announce that StackHawk has raised a $10 million Series A financing round led by Sapphire Ventures. It has been so much fun building StackHawk to this point and I feel privileged to have this new investment to further the StackHawk mission. I am proud of all that we have accomplished to bring us to this point and am far more excited about the opportunity ahead of us!
Digital Transformation Demands Modern Security Tooling
Digital transformation is here. Nearly every company in the world is looking to software as a competitive differentiator and teams are shipping software faster than ever before to deliver innovation to customers. While the digital transformation ship set sail long ago, it has only been accelerated by today’s distribution of the workforce. Amongst this massive shift, security is only becoming more important.
Facing this rapid deployment environment, modern engineering teams must be able to deliver *secure* software to their customers quickly. In order to accomplish this, these teams require security tools that integrate into their workflows, that can be deployed in CI/CD, and (perhaps most importantly) that developers want to use.
Security leadership knows that scaling application security within an organization can’t be done through hiring. To build an effective AppSec program, security teams need to scale with paved roads and processes that make it easy for engineering teams to take ownership of secure application delivery. Teams are already making this shift, and the legacy vendors have not been able to keep up. There is massive demand for application security tooling that is developer-centric and built for CI/CD, allowing teams to find and fix their security bugs before they hit production.
StackHawk: Fifteen Months In
We just passed the fifteen month mark since founding StackHawk and I could not be more proud of what our team has accomplished. Thinking back to what was simply an idea and a team in July 2019, it is amazing to see where we are at now. Below are a few of my favorite highlights:
Customers Running AppSec Tests with Every Pull Request: After working with alpha and beta users for nearly a year, StackHawk was released into general availability on September 1st. As a founder, it brings a sense of pride as customers choose to spend their security budgets on StackHawk, and we’ve loved onboarding our early customers. We now have a strong (and growing!) base of customers that are running automated application security tests on every PR.
Tying Into Developer Workflows with Integrations: Our opinion is that a security tool should be out of sight (aside from reassurance via passed builds in CI/CD) until a new vulnerability is found. We have made automated AppSec testing in CI/CD incredibly simple with our integrations with tools such as Jenkins, CircleCI, GitHub Actions, and more. When bugs are found, our integrations with developer workflow tools such as Jira and Slack make it easy to manage and collaborate. And we have been highly dedicated to building a top-notch UI for when developers do end up in the StackHawk platform, making it simple to triage and fix bugs on the fly.
Teaming Up with ZAP Open Source Project: StackHawk is built on the OWASP ZAP open source project. We have been committed to the open source since the beginning of the company, but in July we made those ties even deeper when we hired the founder of ZAP, Simon Bennetts. We will continue to invest in open source scanning technology as part of the ZAP community as we build additional functionality around it.
Wow, what a year it has been. And at the same time, I know we are just getting started!
What We’re Currently Excited About
With this new investment, we are able to move faster on the opportunities we have before us. There is so much that we are looking forward to, and now we’ll be able to add even more resources to support our goals. Here are a few of the top areas we are excited about:
Continued Product Development: With our GA launch, StackHawk is a fully-featured dynamic application security testing platform. That being said, we have big plans to continue to make it better for the developers who use it day in, day out.
Go-to-Market Investment: We have built a product that we are proud to share with the market. I’m obviously biased, but I think we have the best automated AppSec testing tool out there. Now it is time to put resources behind brand awareness so people can find us.
ZAP Community Investment: We are excited to deepen our relationship with the ZAP community. ZAP is the most widely used application security scanner in the world. We have a lot to learn from this community, but are also excited to contribute as well. Whether it be direct contributions back to the open source, indirect contributions from StackHawk customers who gain interest in the open source project, or helping teams scale their ZAP usage by layering in StackHawk, we are looking forward to supporting the ZAP community.
Thank You to Our Investment Partners and Supporters
As we continue on this journey, I’d like to take this opportunity to thank our investors and supporters. From the beginning, we have worked with some of the best VCs in the business, and we are delighted to be adding Sapphire Ventures to that mix. We are also grateful to have all of our fantastic existing backers (Foundry Group, Costanoa Ventures, Flybridge Capital, and Matchstick Ventures) participate in this investment. We are also excited to welcome David Hartwig of Sapphire Ventures and Greg Sands of Costanoa Ventures onto our board of directors.
I would also like to thank our supporters, our early customers, and our wonderful team. We could not do it without you and we are excited to continue working together. If you are not currently connected to the StackHawk community, then let’s chat. Whether you are interested in checking out the product, jobs at our Denver HQ or remotely, or something else, please reach out!