Fast-growing DevSecOps innovator SecureStack may have been a “company of one” until a few months ago, but the firm’s founder credits the backing of Australia’s cybersecurity industry development body with fast-tracking it to an appearance at the RSA Conference 2019.
Queensland-based SecureStack was the brainchild of Paul McCarty, a long-term “DevOps guy” who productised his consulting expertise in 2017 as a cloud automation and orchestration engine that simplifies the deployment and management of security-hardened system images.
Warm response from a few key customers – McCarty isn’t naming names for now, but claims users in Australia, India, South Korea, Poland, and the United States – has confirmed the relevance of the toolkit and pushed the company into what, he told CSO Australia, is “a real customer development phase”.
The company’s SecureCloud system functions as a core enabler of much-discussed DevSecOps – coordinating operational, development, and security functions by automating the deployment of hardened AWS, Google GCP, Azure or VMware containers that can be customised with a range of security and management policies.
SecureStack is participating in the AustCyber-Austrade Australian Cyber Security Mission to the USA, in which authorities are accompanying a number of Australian cybersecurity innovators to engagements across the US and at the RSA conference – which has become the de facto centre of gravity for the ever-expanding industry.
The two-week mission featured 32 participants including Aleron, Cogito, Cryptoloc Technology, CyRise, Deception.ai, Forticode, Huntsman Security, Secure Code Warrior, Snare Solutions, and others.
McCarty credits the organisations’ “really powerful advocates” – in particular, AustCyber CEO Michelle Price and communication and engagement manager Olivia Grandjean-Thomsen – for helping expose his fledgling company to industry contacts, who have had an “awesome” response when he talks about the success of his early companies.
Much of the enthusiasm comes from the “fact we’re doing something different in security,” he said, hoping that the DevSecOps automation tools would stand out from a flood of endpoint managers and edge protection tools at the pivotal conference.
“This is an area where companies haven’t been spending much money or time on, but they have been wanting or needing it,” he explained. “There is definitely a gap.”