Sign up to save your podcasts
Or
Share How StackHawk repositioned runtime testing as the essential layer when AI-generated code made static analysis unmanageable
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
How StackHawk repositioned runtime testing as the essential layer when AI-generated code made static analysis unmanageable
Joni Klippert didn't come from security. She came from DevOps — two companies, including VictorOps, which she joined as the first non-engineering hire and helped bring to market. At conferences like DevOps Days Enterprise, she kept running into the same frustrated security teams: they knew they couldn't keep up with the pace of software delivery, but their only move was to act as a gate. That observation, paired with her co-founder Scott Gerlach's decade of practitioner experience — including CISO at SendGrid through its acquisition by Twilio — became StackHawk: a dynamic application security testing platform that puts runtime vulnerability testing directly into the CI/CD pipeline, built for the engineers writing the code. In this episode, Joni breaks down how she abandoned her original PLG thesis when enterprise came knocking, how AI-accelerated software delivery has created a structural problem for static analysis tools that benefits StackHawk, and why category definition in AppSec is less about analyst quadrants and more about being precise about what you test and how.
TOPICS DISCUSSED
- Why a DevOps founder built her third company in cybersecurity
- The structural ceiling in engineering-led PLG deals — and what it signals about ICP
- How StackHawk's first major enterprise logo arrived inbound and changed the GTM thesis
- Rotating segment focus when market conditions compress SMB security budgets
- Why AI-accelerated code delivery is a tailwind for runtime testing and a headwind for static analysis
- Building a bridge product for aspirational enterprise buyers who aren't yet DevOps-native
- Category definition when you don't fit cleanly into AppSec or API security
- Working with analysts on emerging categories like DAST in the age of AI
- The organizational misalignment between engineering velocity goals and AppSec team operating models
// Sponsors: Front Lines — We help B2B tech companies launch, manage, and grow podcasts that drive demand, awareness, and thought leadership. www.FrontLines.io
The Global Talent Co. — We help tech startups find, vet, hire, pay, and retain amazing marketing talent that costs 50-70% less than the US & Europe. www.GlobalTalent.co
//
Don't Miss: New Podcast Series — How I Hire Senior GTM leaders share the tactical hiring frameworks they use to build winning revenue teams. Hosted by Andy Mowat, who scaled 4 unicorns from $10M to $100M+ ARR and launched Whispered to help executives find their next role. Subscribe here: https://open.spotify.com/show/53yCHlPfLSMFimtv0riPyM
View all episodes
By Front Lines Media
5
66 ratings
Joni Klippert didn't come from security. She came from DevOps — two companies, including VictorOps, which she joined as the first non-engineering hire and helped bring to market. At conferences like DevOps Days Enterprise, she kept running into the same frustrated security teams: they knew they couldn't keep up with the pace of software delivery, but their only move was to act as a gate. That observation, paired with her co-founder Scott Gerlach's decade of practitioner experience — including CISO at SendGrid through its acquisition by Twilio — became StackHawk: a dynamic application security testing platform that puts runtime vulnerability testing directly into the CI/CD pipeline, built for the engineers writing the code. In this episode, Joni breaks down how she abandoned her original PLG thesis when enterprise came knocking, how AI-accelerated software delivery has created a structural problem for static analysis tools that benefits StackHawk, and why category definition in AppSec is less about analyst quadrants and more about being precise about what you test and how.
TOPICS DISCUSSED
- Why a DevOps founder built her third company in cybersecurity
- The structural ceiling in engineering-led PLG deals — and what it signals about ICP
- How StackHawk's first major enterprise logo arrived inbound and changed the GTM thesis
- Rotating segment focus when market conditions compress SMB security budgets
- Why AI-accelerated code delivery is a tailwind for runtime testing and a headwind for static analysis
- Building a bridge product for aspirational enterprise buyers who aren't yet DevOps-native
- Category definition when you don't fit cleanly into AppSec or API security
- Working with analysts on emerging categories like DAST in the age of AI
- The organizational misalignment between engineering velocity goals and AppSec team operating models
// Sponsors: Front Lines — We help B2B tech companies launch, manage, and grow podcasts that drive demand, awareness, and thought leadership. www.FrontLines.io
The Global Talent Co. — We help tech startups find, vet, hire, pay, and retain amazing marketing talent that costs 50-70% less than the US & Europe. www.GlobalTalent.co
//
Don't Miss: New Podcast Series — How I Hire Senior GTM leaders share the tactical hiring frameworks they use to build winning revenue teams. Hosted by Andy Mowat, who scaled 4 unicorns from $10M to $100M+ ARR and launched Whispered to help executives find their next role. Subscribe here: https://open.spotify.com/show/53yCHlPfLSMFimtv0riPyM