
Existing Security Tools are not built for developers, so this developer-turned-founder created one

by Paul McCarty, August 17th, 2021

Too Long; Didn't Read

Paul McCarty is the Co-founder and CTO of SecureStack. The startup is the world’s first security platform built by developers, for developers. It helps engineering teams build better applications by giving them visibility across their applications holistically. McCarty has been in IT for almost 30 years, and his specialty is securing applications at scale. He says he's been surprised at how diverse his early customers have been. He also says he'd probably be skateboarding and snowboarding more than he is now.


HackerNoon Reporter: Please tell us briefly about your background.

My name is Paul McCarty and I’m the Co-founder and CTO of SecureStack.

I’ve been in IT for almost 30 years. Much of that time, I have been working with engineering teams to help them build and deploy applications, so I’ve seen it all, from the rise of Linux in the 90’s to the dominance of the LAMP stack in the early 2000’s. Ten years ago it was virtualization and soon thereafter the advent of DevOps. More recently, the public cloud, containers, and serverless have dominated application development. Throughout all that, I’ve needed to secure those applications as they’ve evolved and that’s my specialty: securing applications at scale.

What's your startup called? And in a sentence or two, what does it do?

SecureStack is the world’s first security platform built by developers, for developers. We help engineering teams build better applications by giving them visibility across their applications holistically. We do this by integrating into their source code and cloud stack which helps our platform really understand their applications and give them hyper-targeted fixes to any problems we find.

What is the origin story?

In my many years in the industry, it was obvious that the security tools that exist are not built to be consumed by developers, so we shouldn’t be surprised that developers don’t use them. I kept seeing projects that I was working on run into security problems because the developers that had built it didn’t know how to embed security in their projects. This meant those projects ran over budget and exposed users to data breaches and other security problems.

What do you love about your team, and why are you the ones to solve this problem?

Our mission at SecureStack is to build a security platform that developers want to use and that helps them collaborate with security teams. My whole team gets that and we all live and breathe it every day because after all, we are a bunch of developers who want to build a security platform, right? We know our customers' problems and pain points intimately because of who we are.

If you weren’t building your startup, what would you be doing?

I’d be doing what I did before I started SecureStack: working with enterprise and government customers to help them build better, more secure applications. I love it!

Oh, and I’d probably be skateboarding and snowboarding more than I am now.

At the moment, how do you measure success? What are your core metrics?

We know we are winning if a customer uses our platform on a daily basis. It's not really daily active users (DAU) that we are defining here, but rather the validation that the customer has integrated our platform into their development processes. Our best metric of success is seeing that we are being used every time they push code or deploy a change to their application.

What’s most exciting about your traction to date?

We’ve been surprised at how diverse our early customers have been. We thought initially that our early adopters would be startups and scaleups as that was how we saw, and defined, our target customer. But the reality is that large enterprise customers have the same problems, only they have them bigger, and often they are more urgent! We know that we have a winning solution because customers are reaching out to us because they’ve heard about our platform. We aren’t having to do much outbound lead gen right now because we are busy enough with cold inbound. It’s a good place to be!

What technologies are you currently most excited about, and most worried about? And why?

Containers and serverless. I love how portable containers are. It makes deploying and scaling applications easier. Similarly, I love the event-driven nature of serverless and how they simplify a service down to a set of discrete functions. I think both technologies will have a significant impact on how people build applications from now on. However, the flip side is that both come with their own challenges about how to secure them. Serverless is a great example: a standard AWS serverless stack uses more than 12 AWS services and many of those are public endpoints and all need to be configured and managed in different places, APIs and consoles.

In a serverless, JavaScript and cloud-enabled world, the browser really has become the attack surface.

I don’t think a lot of people understand the implications of that yet.

What drew you to get published on HackerNoon? What do you like most about our platform?

I love tech, startups and hacking so what else could I want in a platform?!

What advice would you give to the 21-year-old version of yourself?

Build a startup sooner! Take a risk sooner, because chances are you waited too long.

What is something surprising you've learned this year that your contemporaries would benefit from knowing?

Product Market Fit is a LOT harder to achieve than I thought. You have to work with customers EVERY day and you have to spend more time than I care to admit thinking about how to explain what you do to all kinds of potential customers. As an engineer, I originally thought that if I fix a major technical problem, that the rest would be easy. I now realize in hindsight that the easy part was fixing a major technical problem and what comes after that is the hard part.


SecureStack was nominated as one of the best startups in Gold Coast, Australia in Startups of the Year hosted by HackerNoon