This is a co-founding team with a spiritedness that knows no bounds; with one founder in Canada and one in Australia, Appsec360 haven’t let distance (or a pandemic) dampen their enthusiasm for building a solution the market needs. With a long history of working together and a shared ethos for doing good, Sameer Saran and Gaurab Bhattacharjee found a problem they wanted to solve. This was a pain point they’d felt firsthand. It was clear this was the right task to join forces on.
“We’d found in our experience that there was no application security process” said Sameer. “The tipping point for me was when I was asked to deliver a talk on Security Development Lifecycle (SDL). When delivering that talk, it was clear that people did not understand SDL and were unsure of how to implement it. I thought, if we can conceptualise this into a product instead of consulting staff who don’t know how to manage it after we’ve gone, then we’re onto something.” It was at this point that Sameer discussed his idea with Gaurab.
“We spoke about it before I moved to Australia in 2019. It was around that time I was a consultant at a bank, and it was chaos”, laughs Gaurab. “Technology would go in and there were so many security issues. There was documentation on how to securely implement it, but no one was following it.” Why? “It was just too difficult. Because of that, applications were being released that weren’t secure. By September 2019 we’d built a prototype of Appsec360”.
Helping teams by clearing obstacles
In a space where there’s no standardisation, Appsec360 want to provide their timely solution. “We can add standardisation and save hours.” says Sameer. “It helps people like us who are doing the day-to-day job. Security is not easy. A lot of frustrations are continually piled on. It’s frustrating. A tool like this helps. If we deliver, it clears obstacles and helps teams to gel together.”
Gaurab expands, “Our overall mission is to empower developers to write secure code in the easiest way possible. My daughter will use apps. I want to know that it’s easy for people to code them securely. I don’t want to have to worry that her personal data is secure. That’s why we need to fix this problem. As people move to the cloud, we secure the cloud. But product security has windows left open. It’s important to close and secure them.”
There’s an imbalance in the ecosystem of security, which is only going to get worse unless it’s addressed. “For every 50 software developers, there’s one security engineer,” explains Sameer. “With tech changing every 3–6 months, it’s even more difficult for the security engineer to keep up — there’s a great divide. I feel sorry for the security engineer. You are the person who is supposed to secure the software, but you’re at the mercy of the system. Appsec360 is here to simplify their lives; that’s our achievement”.
From playing in the weeds to getting perspective
Now was the time to innovate. “The product provided an avenue to let the inner frustration out.”, said Gaurab. “Once we started implementing the product, it was an amazing revelation. Seeing a problem in the real world and having it resolved in the way you’ve designed is amazing. With Appec360 the workflow now makes sense. We are solving a problem that is real.”
Sameer has learnt a lot about himself through this process, too. “It’s about getting a high-level perspective on things. We always have a lot of ideas coming up. Sometimes it’s not good to have laser focus. You need to have a 10,000 foot view, too”. That overarching perspective doesn’t stop Sameer from doing what he loves, though. “I like coding. It’s a problem so close to our hearts, but it’s also a problem we’re solving for others. Creating this solution is eternal happiness. I have found nirvana!” he laughs.
“People get serious about startups”, explains Gaurab. “But we look at it like our life journey. We’re learning to take feedback in our stride. It’s ego flattening, for sure, but you cannot create a product without your ego being flattened in some way. To handle that is a learning for me.”
On startup culture
This coachable, agile, fast-moving duo, surprisingly felt a little culture shock when adjusting to the startup world.
“After becoming a founder, I have to do everything”, says Sameer. “We are doing sales, marketing, coding, talking to everyone and getting their feedback. It’s a huge responsibility. If you don’t want to spend time building your business, then you are doomed. Becoming a founder is not about dollars in a bank account. You have to work hard to make the money! You hear all the success stories, but you don’t hear how much they burn their oil to make it happen.”
“Burn their souls!”, laughs Gaurab. “Look, I was not as blindsided as Sameer. A number of the more recent companies I worked for were early stage. My priority is family, so there’s a flexibility that comes with a startup that fits that. But it also demands a lot from them, too! My daughter comes first. My business comes next.The support from family is awesome. It helps a lot.” And on the subject of customer discovery? “I’m very introverted so communicating is stressful. CyRise has been very useful for me. It’s made me a better communicator. But for conversations? Your LinkedIn network is not what you think it is. If people think you’re trying to sell, they will avoid you. That’s been a huge learning. Not everyone in your network will stand up in support.”
On working together
It’s always a risk when you partner up in a co-founding relationship, but for these two, there was never a doubt. “I was never concerned about the dynamic”, explains Sameer. “I was unsure of where we’d end up, but I knew we could work together. The geographies add spice!”
“Sameer and I have the ability to give honest feedback to each other.” says Gaurab. “It’s very important, but also hard when you’re working remotely. Having that communication channel open and clear is necessary for our success”.
Sameer takes that even further. “The best thing about us is we work as friends, not CTO and CEO. We respect each other in decision making. We have clear responsibilities. We know each other’s capabilities. I can trust him. He can trust me.”
Gaurab adds some more colour. “Our family now knows each other. That family connection is useful. It’s a communal experience. My daughter will call Sameer ‘uncle’, and people will pop on the screen for a chat when Sameer and I are on a video call.”
Operating with trust and building community
Trust underpins the Appsec360 values system. “I need customers to trust the software. I can’t betray that. It’s the trust. With coworkers, too — it’s all about trust.” says Sameer. And it’s also about community. “We started a school back in India, because we care about giving back to our community. In a way, that’s what motivates us with Appsec360, too: we’re giving back to the security community by making life easier.”
There’s a joy that comes from this journey for these close friends. “We both agree we’re having a very good time”, says Gaurab. “We’re stressed by the competition. We’re unsure where it’ll end up. But we’re enjoying it.”
