We talked to Rickard Carlsson about how Detectify helps businesses stay on top of security and build safer web applications. The following is what he had to say.
First of all, how are you and your family doing in these COVID-19 times?
Rickard Carlsson: Thanks for asking. We are well under the circumstances. Like everyone else, we focus on staying safe and healthy and work from home.
Tell us about you, your career, how you joined Detectify.
Rickard Carlsson: I’m a tech nerd at heart and started my career as a management consultant at McKinsey. I was introduced to the other co-founders of Detectify when the company was in its earliest phase. They’re some of the brightest minds in the ethical hacking community. When we met, they showed me how full of security holes the internet is. They wanted to give more organizations access to the security knowledge that hackers have to help them better protect their platforms from threats.
The founders were looking for someone who could turn their vision of an ethical hacker-powered security scanner for web applications into a business. Very few people in the world have a deep understanding of web security, and that knowledge gap is ultimately why organizations get breached. It’s difficult for any company to keep up with hackers’ speed and expertise, and the more digital platforms that are added, the harder it is to keep track of the potential attack surface.
I was immediately excited about the idea of a security service that scales human intelligence. That was 7 years ago. Since then, we have grown Detectify into a security industry challenger of 140 people, with a growing network of leading ethical hackers submitting their latest findings and some of the world’s most popular tech platforms as clients, among them Spotify, King, and Trello.
How does Detectify innovate?
Rickard Carlsson: Innovation is the very core of what we do. We are the first web vulnerability scanner that is powered by crowdsourced hacker knowledge. That way of approaching security, as a collaborative effort, is still quite unconventional. The traditional way is to talk about threats, fear, risks, and compliance. But security can and should be a tool for growth and new ideas – it should never stand in the way of digital innovations. And that requires security to be integrated into every development process, to be “demystified” and a part of the culture.
How does the coronavirus pandemic affect your business, and how are you coping?
Rickard Carlsson: As a SaaS company, we live in the digital world, and so do most of our customers. So our ability or efficiency in delivering services has not really been affected.
Since many companies have quickly transitioned to a digital workplace, concerns and security detection for user access, exposing internal applications, sensitive data exposure, and security misconfigurations have been more common in our conversations. The pandemic has highlighted the need for stronger web protection for a lot of organizations.
Did you have to make difficult choices, and what are the lessons learned?
Rickard Carlsson: Like for many other companies, switching from working mostly from the office to fully remote has had its challenges. Keeping the team motivated and mentally well, and not losing the sense of belonging despite working alone is something we work on every day. This year has confirmed to us how important it is to have a strong company culture and focus a lot on culture fit when recruiting new people. It’s easier to motivate everybody to work towards a common goal when you share the same values.
Who are your competitors? And how do you plan to stay in the game?
Rickard Carlsson: The security industry is a crowded place with a lot of noise. Our focus has been to listen and then act on our customer needs, one of which is detecting web security vulnerabilities as soon as they emerge. There are other vulnerability scanning products out there, but none is powered by a community of handpicked ethical hackers. By working with leading ethical hackers, we get the latest and more relevant research “from the streets”. We can develop testing quickly and deliver it to our customers in record time so they can stay on top of emerging threats. We replicate the methods used by real-life, malicious actors, so our customers get access to the same techniques without needing deep security expertise. We will keep refining the performance and user experience of the product. Another focus is to grow our network of ethical elite hackers powering it, to give customers access to even more brainpower.