As leaders in Engineering and Operations throughout our careers, we've seen countless times the tools, processes, and automation which are underinvested in. Our battle-tested experience building security and compliance teams and programs across multiple fortune 500 companies has taught us that focusing on compliance only at certain times of the year leaves you rushing through tests, scrambling to gather evidence, and hoping you don't get any findings. We know there is a better way.
When we looked at the tooling available in the market one thing stood out to us: almost none of the companies focused on automated compliance / continuous GRC / centralized trust management platforms open-sourced their tooling, templates, or automation. We believe in democratizing security and compliance, and envision a future where we can unite individuals and enterprises and transcend the limitations of solitary innovation with a cooperative approach to tackling cyber threats and risk.