Eliminating the Friction Between Development and Security Teams with Tromzo

Harshil Parikh | 21 October, 2021

Developers ignore security issues. But can we really blame them?

After all, we security folks bombard them with an endless stream of issues that need to be addressed with no way for them to separate what’s actually critical from all the noise, all while they are expected to release software more frequently and faster than ever before. It makes sense why developers view security as something that just gets in their way and slows them down.

I experienced this firsthand throughout my security career. Our AppSec team would work with developers to build secure code and find security bugs, then the majority of those issues would simply be ignored. This created major tension between these two teams. The developers were frustrated with alerts that were unactionable while security was frustrated that their requests were ignored. On many occasions, the tension got bad enough that the relationship between a few development teams and security completely broke down.

This friction between developers and security exists in most modern teams. This lack of collaboration and alignment leaves applications vulnerable to security breaches and it leaves security practitioners feeling underappreciated, undervalued, and questioning their career choice.

Earlier this year, Harshit Chitalia, a former engineering lead at Juniper Networks, and I began discussing this problem. With my experience leading teams struggling with these challenges and Harshit’s experience from an engineering perspective, we realized we were in the perfect position to solve this problem. Today, we’re excited to officially announce our solution.

Introducing Tromzo

#1 Developer First
Application Security Management Platform

Tromzo is a developer-first application security management platform that helps AppSec teams find and fix their most critical vulnerabilities.

At Tromzo, we believe that AppSec teams today don’t have an issue detection problem. Most AppSec and development teams have more security bugs than ever before, and the challenge now is to fix what really matters. Tromzo helps teams understand exactly what needs to be fixed, why, and how.

Tromzo provides end-to-end visibility, reduces noise, eliminates manual work, and drives security ownership. Most importantly, Tromzo makes it possible for AppSec teams to keep up with the pace of modern development and scale their application security program.

Here’s how the platform works:

Step 1: Connect Data Sources

Gain complete visibility within minutes by connecting one or more AppSec tools, DevOps systems, and cloud platforms using APIs.

Step 2: Prioritize With Context

Identify what is relevant or leverage out-of-the-box rules to create actionable security alerts across CI/CD workflows.

Step 3: Automate Remediation Campaigns

Developers get automatically alerted about the few actionable alerts in the tools they use, so they have full context of why an issue needs to be fixed and how.

Step 4: Measure and Improve AppSec Programs

Measure and communicate security posture with development teams and executives.

The Tromzo Mission

Our mission is to eliminate the friction between developers and security so AppSec teams can scale their application security programs.

Achieving this scale requires a developer-first approach to security. Security must be made easy for developers so they can focus on shipping great software. Only then can AppSec teams focus on higher-value strategic work.

We imagine a world where security becomes self-service and developers are able to effortlessly determine security measures appropriate for their work and tune out the noise. A world where security becomes a first-class citizen in developer workflows and security teams are empowered to do meaningful work.

This is what the future of application security will look like.

To support this vision for the future, we’ve raised a $3.1M seed round led by Innovation Endeavors and more than 25 leading CISOs and executives.

Adam Glick, CISO, SimpliSafe
Ben Waugh, CSO, Redox
Brian Johnson, CSO, Armorblox
Caleb Sima, CSO, Robinhood
Clint Maples, CSO
Craig Rosen, CSO, ASAPP
Drew Daniels, CISO, Druva
Gerhard Eschelbeck, CSO, Aurora
Jeff Trudeau, CSO, FinTech Enterprises
Joel Fulton, Fmr CSO, Splunk
Kathy Wang, CISO, Very Good Security
Manish Mehta, Security Leader, F5 Networks
Ody Lupescu, CISO, Ethos Life
Peter Liebert, Fmr. CISO State of California
Phoram Mehta, APAC CSO, PayPal
Steve Pugh, CISO, ICE | New York Stock Exchange
Ty Sbano, CSO, Sisense
Zane Lackey, Founder Signal Sciences

Now that we’ve exited stealth, we’ll be going to market to help more teams eliminate friction between their developers and security so they can scale their application security program. Join us!