Finding a way for engineers to build software efficiently and securely is an ongoing problem to be solved. Navigating how engineering and security teams can better work together is part of the solution.
“Nullify was discovered very much off the back of persistent cultural problems we were seeing in the industry — software teams not understanding how to build secure software and security teams not understanding how software teams were working. This big rift between engineering and security that just wasn’t being bridged. Our vision is to build a product that with one click, it feels like there’s a security engineer embedded into every single developer,” explains CEO Shan Kulkarni.
A team of uni friends
Shan met his co-founders at the University of New South Wales (UNSW). He met Tony Mao, Nullify COO, in his first year studying computer science and software engineering.
He met CTO Tim Thacker later, when they were co-teaching DevSecOps and cloud security. At the same time he was lecturing, Shan was a cloud consultant at an AWS consulting partner. “We got a lot of traction getting students to build novel products. At the same time, we were working in industry and seeing persistent gaps and problems. So in August, we said let’s have a go at building a product,” explains Shan.
Enable secure development at scale
“Nullify is a software as a service product that orchestrates a range of open source security testing tools and runs them across your codebase with one click. It removes the overhead of adding security tooling to your whole git repository and all your different environments. It allows developers to take control of security, so organisations can distribute security ownership across all their developer teams,” explains Shan.
Nullify works how and where a developer works: in the codebase. With one click, businesses can start scanning application/infrastructure code, container images, API endpoints and secrets in all repos across their entire git organisation.
“An ideal customer for Nullify at this stage would be a company who produces software, so they have some sort of obligation to write secure code,” says Shan. “Right now we’re really focusing on greenfields, so customers who aren’t doing any security tooling at the moment: scale ups and small to medium businesses, 50 to 500 employees.”
What’s next
The CyRise Accelerator has been a valuable experience for the team. “It’s been so eye-opening, learning more about what we don’t know and there’s a lot that we don’t know. It’s been challenging but in an awesome way,” says Shan. “We just raised in December and went full-time in January. It’s really awesome to see the other portfolio companies, where they’re at in their journey. We’re riffing off them and learning from them.”
“The number one thing we want to accomplish from the program is getting a better understanding of how security and engineering leaders are viewing and undergoing application security, their application security journeys, and their DevSecOps transformation. We’ve seen it a lot in our own experiences, but we’re continuing to validate our assumptions,” says Shan.
Nullify has already attracted initial clients and investors. They’re looking to connect with new customers and design partners to build out the product.
Meet the team
CyRise Demo Day will be held at Aerial UTS Function Centre on 9 May 2023 at 6pm. RSVP here to get your free ticket.
Learn more about Nullify at: nullify.cloud