


Customer Success Story

How Hagerty Scaled AppSec Across 40+ Developer Teams with StackHawk

Hagerty’s DevOps Security team rolled out StackHawk to more than 40 development teams in about two quarters. The playbook: coordinate implementation with developer sprint cycles, build repeatable patterns, and make the work easy for engineers to run with.


AppSec scaled without becoming a bottleneck


Wide-scale developer adoption


Distributed ownership across 40+ development teams


Use Case: Scaling DAST across dev teams

Industry: Insurance

Developers: 350+

Hagerty is a specialty insurance provider focused on classic, collector, and enthusiast vehicles, with a growing portfolio of digital products for car lovers around the world. Their security team protects that business across a fast-moving engineering organization.

StackHawk is a great tool. The documentation is great, it’s very clear how to implement it in different environments, and flexible for all kinds of different scenarios or use cases.

John Mercer, DevOps Security Engineer, Hagerty

The Problem

One security engineer responsible for 40+ developer teams couldn’t manually drive adoption. The challenge wasn’t technical or political — it was operational: getting StackHawk work scheduled, prioritized, and completed across dozens of independent sprint cycles.


The Solution

Hagerty treated the rollout as a project management problem. By partnering with PMs, building reusable stack templates, and leading with developer-friendly messaging, they distributed the work without distributing the burden.


The Results

In roughly two quarters, Hagerty deployed StackHawk across all 40+ teams without slowing engineering down — proving that AppSec at scale is a coordination problem first, and a technical one second.

The Problem

Hagerty chose StackHawk for its strong documentation, flexibility across environments, developer-friendly design, and ability to simulate real attacks without blocking pipelines. The next step was strategizing how to scale it.

When John Mercer, DevOps Security Engineer at Hagerty, decided to scale StackHawk across more than 40 developer teams, the challenge wasn’t technical. Leadership buy-in at the CIO and CISO levels also came easily. The harder problem was operational: translating that priority into scheduled, completed work inside existing sprint cycles, with one security engineer covering dozens of teams.

As Mercer put it, “One person can’t go through 20, 30, 40, 100 teams… You have to distribute the work.”

Choosing a Solution

Hagerty took a coordination-first approach to the rollout, built around three principles:

Treat scale as a project management problem

Mercer partnered with Hagerty’s project managers to prioritize the StackHawk work, assign deadlines, and fit implementation into upcoming sprints. “The real problem wasn’t technical, and it wasn’t the devs. It’s an easy product to implement. It was a project management problem.”

Templatize and repeat

Before rolling out broadly, Mercer configured and optimized initial scans across Hagerty’s main stacks (.NET, Python, and Node), then reused that work as a template every team could copy. “Once there’s a pattern, you can simply copy it with very little additional work needed.”

Lead with value, not mandates

Mercer communicated StackHawk’s value in terms that developers care about: “I always led with ‘StackHawk mimics a real-world attack.’ Then I reassured them that I will never block them with StackHawk. It’ll only add like five minutes to their pipeline, and then they’re covered.” That message landed because Hagerty’s Security and Engineering teams had already invested in a strong working relationship.

Experience with StackHawk

In roughly two quarters, Hagerty rolled StackHawk out across more than 40 teams without security becoming a bottleneck for engineering. By focusing on repeatable patterns, clear communication, and distributed ownership, they scaled AppSec in a way that worked for engineers.

The takeaway for other organizations: treat AppSec scale as a coordination problem first, then a technical one. Build the pattern, communicate the value, and make it easy for teams to run with it.

The real problem wasn’t technical, and it wasn’t the devs—It’s an easy product to implement. It was a project management problem.

John Mercer, DevOps Security Engineer, Hagerty