Eliminating the Friction Between Development and Security Teams with Tromzo
Developers ignore security issues. But can we really blame them?
After all, we security folks bombard them with an endless stream of issues that need to be addressed, with no way for them to separate what’s actually critical from all the noise, all while they are expected to release software more frequently and faster than ever before. It makes sense that developers view security as something that just gets in their way and slows them down.
I experienced this firsthand throughout my security career. Our AppSec team would work with developers to build secure code and find security bugs, then the majority of those issues would simply be ignored. This created major tension between these two teams. The developers were frustrated with alerts that were unactionable, while security was frustrated that their requests were ignored. On many occasions, the tension got bad enough that the relationship between a few development teams and security completely broke down.
This friction between developers and security exists in most modern teams. This lack of collaboration and alignment leaves applications vulnerable to security breaches, and it leaves security practitioners feeling underappreciated, undervalued, and questioning their career choice.
Earlier this year, Harshit Chitalia, a former engineering lead at Juniper Networks, and I began discussing this problem. With my experience leading teams struggling with these challenges and Harshit’s experience from an engineering perspective, we realized we were in the perfect position to solve this problem. Today, we’re excited to officially announce our solution.
#1 Developer First Application Security Management Platform
Tromzo is a developer-first application security management platform that helps AppSec teams find and fix their most critical vulnerabilities.
At Tromzo, we believe that AppSec teams today don’t have an issue detection problem. Most AppSec and development teams have more security bugs than ever before, and the challenge now is to fix what really matters. Tromzo helps teams understand exactly what needs to be fixed, why, and how.
Tromzo provides end-to-end visibility, reduces noise, eliminates manual work, and drives security ownership. Most importantly, Tromzo makes it possible for AppSec teams to keep up with the pace of modern development and scale their application security program.
Here’s how the platform works:
Step 1: Connect Data Sources
Gain complete visibility within minutes by connecting one or more AppSec tools, DevOps systems, and cloud platforms using APIs.
Step 2: Prioritize With Context
Identify what is relevant, or leverage out-of-the-box rules, to create actionable security alerts across CI/CD workflows.
Step 3: Automate Remediation Campaigns
Developers are automatically alerted about the few actionable issues in the tools they already use, so they have full context on why an issue needs to be fixed and how.
Step 4: Measure and Improve AppSec Programs
Measure and communicate security posture with development teams and executives.
The Tromzo Mission
Our mission is to eliminate the friction between developers and security so AppSec teams can scale their application security programs.
Achieving this scale requires a developer-first approach to security. Security must be made easy for developers so they can focus on shipping great software. Only then can AppSec teams focus on higher-value strategic work.
We imagine a world where security becomes self-service and developers are able to effortlessly determine security measures appropriate for their work and tune out the noise. A world where security becomes a first-class citizen in developer workflows and security teams are empowered to do meaningful work.
This is what the future of application security will look like.
To support this vision for the future, we’ve raised a $3.1M seed round led by Innovation Endeavors and more than 25 leading CISOs and executives.
Adam Glick, CISO, SimpliSafe
Ben Waugh, CSO, Redox
Brian Johnson, CSO, Armorblox
Caleb Sima, CSO, Robinhood
Craig Rosen, CSO, ASAPP
Drew Daniels, CISO, Druva
Gerhard Eschelbeck, CSO, Aurora
Jeff Trudeau, CSO, FinTech Enterprises
Joel Fulton, Fmr. CSO, Splunk
Kathy Wang, CISO, Very Good Security
Manish Mehta, Security Leader, F5 Networks
Ody Lupescu, CISO, Ethos Life
Peter Liebert, Fmr. CISO, State of California
Phoram Mehta, APAC CSO, PayPal
Steve Pugh, CISO, ICE | New York Stock Exchange
Ty Sbano, CSO, Sisense
Zane Lackey, Founder, Signal Sciences
Now that we’ve exited stealth, we’ll be going to market to help more teams eliminate the friction between their developers and security so they can scale their application security programs. Join us!