Welcome to our blog.

Aikido has just gone through the process of becoming ISO 27001:2022 and SOC 2 Type 2 compliant. And one of the things we wish we’d had was some practical, no-nonsense advice on how to get started. Best practices, things to watch out for - basically tips from someone who’d already been through the ISO 27001 certification process.

Read more about Aikido’s path to becoming ISO 27001:2022 compliant and the ISO 27001 requirements.

That’s why we’ve written this blog post: to help anyone at a SaaS company looking at becoming ISO:27001 compliant.

8 things we learned during the ISO 27001 certification process

1. Know what you’re getting into

If you’ve never done this before, the first thing to do is ask your friends and business acquaintances. You’ll probably find someone who has gone through the process, so hit them up and get advice.

If you really can’t find anyone, you can make contact with a pre-auditor. Just be aware that they will understandably try to sell you services.

Either way, it really helps to get a good sense of how it all works. This will save you time in the end and help you get your ISO 27001 certificate faster.

2. Communicate that you’re working on implementing ISO 27001

People appreciate it when you mention you’re in the process of implementing ISO 27001. They’ll be eager to know that there will be less for them to worry about in the near future. And that will in turn help your sales and conversions. So mention this on your website, in sales conversations, on LinkedIn, and more. Let your users know that you’re making your product more compliant.

3. Decide which ISO 27001 standard to implement (2013, 2017, or 2022)

2022 has way more controls regarding secure coding and software security. (e.g. detection of malware is a new control). This means it involves more work to implement than an older version. If you go for one of the newer standards, it will require more controls, but you’ll already be prepared for the future. So it’s probably better to go for the 2022 version.

Quick tip: ISO 27001 certification needs a full audit every three years. That means that it’s best not to go for ISO 27001:2013, as it’s only valid for another two years.

Each version of the ISO 27001 standard also frames the risk management process differently. The 2022 version includes updated certification requirements that reflect evolving cybersecurity risks. That makes it important for companies to have a robust risk management process in place to identify, assess, and mitigate these risks.

Note that, if you’re a big, mature company, you might prefer to go for the 2017 version, as it’s more established and might lead to less disruption in your existing processes.

4. Don’t outsource everything

It’s risky to outsource the whole process... Even though it’s possible to outsource the whole process to a consultancy, I would advise against this. Sure, a consultant can definitely help, provide templates, and that kind of thing. But if you outsource everything and you encounter a problem, you need to know how to handle it. My advice is to have at least two, and up to four, people from the company involved.

Quick tip: Remember that the final audit must be carried out by an accredited certification body!

5. Get a pentest that makes sense for your company

If you’re a software company, you should choose a pentester to focus on things that are not covered by automated tooling like OWASP ZAP. Go for pentesters with bug bounty hunter experience, rather than “old-school” pentesters.

6. Leverage compliance standards and accelerate

Already being SOC2 compliant makes it faster to become ISO compliant. And it’s good to know that, if you’re ISO compliant, NIS2 (a new regulation applicable in the EU) will be easier.

Quick tip: Double-check that your auditor has been audited (it’s a requirement). Don’t settle for someone without the right credentials or you might get duped.

7. Realise that nobody’s perfect

The eventual audit will always find non-conformities and it’s OK to be imperfect. But you have to know about those imperfections and make sure you have a formal action plan to resolve the issues. It’s a continual improvement process that will ultimately lead to better security throughout your company. Sure, you might never attain “perfection” but you should do your best to get there!

8. Start early with implementing tools that cover ISO controls

If you’re considering going for ISO compliance, it’s always a good idea to do a trial run of the tooling that will help you cover certain controls (and also produce the evidence you need).

For example, ISO requires you to implement some processes regarding people. for instance, onboarding, offboarding, background checks, assigning and retrieving of company assets. Having these processes implemented in a human resources information system (HRIS) such as Officient, Personio, or Workday, will help you hit the ground running the moment you need to produce your evidence for ISO.

It’s the same thing with Aikido, which already performs checks on 22 controls and generates a comprehensive ISO 27001 report. It’s another great example of getting a head start on preparing for your ISO.

ISO 27001:2022 technical vulnerability management

On your own path to ISO 27001:2022 certification? Our platform, Aikido Security fulfills all technical vulnerability management needs for ISO 27001:2022 applications. We’ve also decided to partner up with Compliance Monitoring Platforms (like Vanta or Drata) to easily sync the data & ensure that your vulnerability information is always up to date. This helps you easily stay on top of your security posture.

Request our report

Feel free to request our own ISO 27001:2022 certificate directly on our security overview page. We’re more than happy to share the fruits of our hard work! 😉

I hope this blog post is helpful to you. I certainly wish I knew all of these tips when we started the process. If you’re exploring ISO certification, connect with me on LinkedIn and I’ll be glad to share my insights!

An IT match made in… Belgium! Aikido Security, a SaaS startup from Ghent, will provide application security to The Cronos Group, an e-business integrator headquartered in Kontich, with over 5,000 clients across their 570+ companies in the Benelux region. This strategic partnership is set to fortify The Cronos Group’s security posture and Aikido Security’s influence in the cybersecurity industry.

Stronger security posture with Aikido

The Cronos Group is now a new Aikido client. In this context, The Cronos Group is in the process of implementing Aikido’s security solutions across many of its software development companies. Why is this useful for The Cronos Group? Not only does it help establish a stronger security posture for each company in its network, but it also creates another great advantage. Aikido pulls it all together for Cronos, which will gain a more insightful and standardized global overview of the security posture of these companies than ever before.

Beyond that, Aikido entrusts The Cronos Group to become a true partner as well. In this context, Cronos will be able to provide Aikido to its customers so they, too, have the opportunity to benefit from Aikido’s services. On top of that, Cronos and Aikido actively work together to further improve the product features.

Aikido’s unique set of security tools and ability to reduce false positives will deliver efficiency to the development teams in The Cronos Group’s network of companies and customers. This means less disruption from unnecessary alerts leading to more focus on writing code. The Cronos Group aims to help companies find creative, high-quality, and profitable ways to make the most of potential new technologies. Therefore, this partnership aligns perfectly with its mission.

Aikido pulls it all together in a dedicated “Security Partner Portal”. Through this partner portal, The Cronos Group is able to gain a more insightful and standardized global overview of the security posture of their companies than ever before.

The Cronos Group and Aikido comment on their partnership

The Cronos Group can’t wait to get started with Aikido.

The Cronos Group has always been supporting innovation and entrepreneurship, including cyber security. We’re always on the lookout for partners to strengthen our alliances. Through Aikido, we want to enable our developers and clients to build in security from the first line of code. By combining automation with intelligence, they can focus on the business value while safeguarding their own scarce time and keeping the exposure to a minimum.
Jonas Buyle, Cronos Security

Meanwhile, what benefits does this new partnership bring to Aikido? "We're thrilled to welcome The Cronos Group to the Aikido Security family,” explains Aikido cofounder and CEO, Willem Delbare. “As both a customer and a reseller, The Cronos Group represents a key partnership in our mission to make managing your security posture simple. Our collaboration promises to provide unparalleled insights into the security posture of the portfolio of companies within The Cronos Group. Together, we aspire to elevate the standards of application security across the board."

About Aikido Security

Aikido Security is a developer-first software security platform. We scan your source code & cloud to show you which vulnerabilities are actually important to solve. Triaging is sped up by massively reducing false positives and making CVEs human-readable. Aikido makes it simple to strengthen your security posture to keep your product secure. And, it gives you back time to do what you do best: writing code.

About The Cronos Group

The Cronos Group is an e-business integrator delivering high-quality ICT solutions to enterprises and government entities in the Benelux region. The Cronos Group was founded by and for ICT technologists with the goal of helping them grow their careers and entrepreneurship. This mission expanded to include creative professionals in order to jointly design and implement creative and technologically leading solutions for its customers. Since its inception in 1991, The Cronos Group expanded from a one-person operation to a group of companies employing over 9000 professionals across 570+ companies.

It’s always great news when we hear about a customer’s delight when using Aikido Security. But, we don’t want to keep all the good stuff to ourselves! Let’s focus on Loctax, the first-ever collaborative tax governance platform for global in-house tax teams.

Loctax delivers its tax services to companies such as Wise, PedidosYa, Iba, Luxottica, and Trainline. For Loctax, it’s vitally important to go above and beyond to ensure the security and compliance of their environment and customer data.

Together, we improved their triaging speed by reducing false positives and irrelevant security alerts. But, we didn’t stop there. We also improved Loctax's security posture while it accelerated product development. Overall, the result has been saving valuable time and money. As Loctax reduces tax risk headaches for its customers, Aikido reduces security risks for Loctax.

The challenge: striking a balance between speed and security

Loctax faced a common dilemma. How could it balance rapid product development with uncompromising security? The pressure was on to deliver top-notch solutions for its customers. Meanwhile, Loctax also needed to safeguard sensitive tax data and stay compliant with the highest security standards. On top of that, they needed to do this with a small team while optimizing for cost.

However, Loctax encountered obstacles with its existing security solution. False positives were more abundant than snow in Alaska, consuming valuable time in triage and analysis work.

This is no surprise to us. In our recent consultations with SaaS CTOs, false positives ranked as the number two security flaw with their current security software choices. These CTOs also ranked eliminating false positives as the second most important activity to achieve strategic business outcomes. So it turns out that Loctax’s needs fit right in with what SaaS CTOs are telling us. And, let’s face it, false positives also desensitize you from looking at the things that really matter.

Meanwhile, overlapping findings from different tools created another roadblock on their path to being secure. The lack of tool integration made it challenging to get a central overview of real security priorities.

To top it all off, the subscription costs of the security solutions they were already using were surging due to rapid team growth. This fee-per-head pricing method was putting a strain on their security budget.

Put all this together, and it became clear to Loctax’s CTO and co-founder, Bart Van Remortele, that he needed to change the company’s approach. He decided to find new tools to combat these challenges and discovered Aikido Security.

Aikido Security delivers results for Loctax

Switching to Aikido Security’s product was a game-changing decision for Loctax and has brought many positive outcomes.

Auto Triage: the power of efficiency

Our auto triage feature emerged as a true black belt! It filtered out the noise and false positives that had been distracting. Not only that, but we also provide a custom vulnerability reachability engine. This checks if a vulnerable function is actually reachable.

With this pesky clutter cleared out and real vulnerabilities clearly identified and prioritized, Loctax's development team was able to become more efficient and productive. They boosted productivity by saving precious time that was previously lost to unnecessary investigations.

A unified dashboard: harmonizing security workflow

Aikido, the martial art, provides skills to defend yourself effectively while using the least amount of effort. Aikido Security applies this principle. For Loctax, we supplied a single dashboard that became the hub of security operations.

Integration into Loctax's existing tech stack was a breeze. Aikido offers a comprehensive view of all security issues without the headache of overlapping notifications. When critical security events arose, timely alerts popped into their relevant Slack channels. Therefore, with effortless integration into project management tools, Aikido smoothed out security task management.

Cost savings: 50%

Consolidating the security toolset proved to be a masterstroke. Consequently, Aikido Security's impact on Loctax's finances was significant. The result? A remarkable 50% reduction in security operations costs. Yes, you read that correctly - 50%! As Loctax's team continued to grow, its security expenses no longer created budget headaches. This left more resources for Loctax’s core mission: providing in-house tax teams with a new standard for tax management and operations.

Aikido Security helps defend your SaaS

Let’s be clear: there is pressure on SaaS companies to pursue first-class security, and Loctax is no different. But, it’s extremely hard for a team focused on developing a product to also manage the complexity of their whole security posture in-house. Our partnership with Loctax exemplifies the transformative power of Aikido Security for companies in this situation. Loctax can fully focus on collaborative tax management for in-house tax teams, and Aikido keeps it secure.

We have replaced our previous solution with Aikido due to its superior performance and effectiveness. - Bart Van Remortele, CTO and co-founder of Loctax

By embracing Aikido's solutions, Loctax optimized its security posture and eliminated false positives. This saved precious time and achieved remarkable cost efficiencies. Their development team's speed remained unshaken, and their security became stronger than ever.

Aikido Security helps defend your SaaS

Make your first tai-sabaki with Aikido by scanning your repos for free. In less than 2 minutes, you'll gain valuable insights into your security posture. Empower your organization, boost development, and embrace the peace of mind that comes with a solid security defense.

Download our Loctax customer case study.

GHENT, November 14th 2023

Aikido Security, the developer-first software security app for growing SaaS companies, today announces it has raised €5m in a Seed round co-led by Notion Capital and Connect Ventures; with investment from Inovia Capital Precede Fund I, led by partners Raif Jacobs and former Google CFO Patrick Pichette; as well as an impressive roster of angel investors including Christina Cacioppo, CEO of Vanta.

The investment will go towards developing the functionality of the software, in particular ensuring that Aikido’s user-experience and auto-triage is best in class, while keeping the product simple; hiring staff across the product, development, marketing and sales teams; and further growing the Aikido customer base, with a particular focus on solidifying and expanding its already strong foothold across Europe and North America.

As CEO & CTO of Aikido, Willem Delbare explains, “SaaS companies that are building their platform often ‘secure’ their new software by installing numerous scattered tools. This can generate a lot of noise for the developers and throw up a myriad of disparate ‘false positives’, which require attention, but pose no real threat. This causes a huge burden on the staff managing platform security. The problem is only exacerbated by growth -- which can happen quickly in SaaS -- creating huge headaches for the staff responsible for security.”

Delbare continues “Alternatively, if startups choose not to install these tools, they may instead adopt expensive security software solutions which only cover a few factors of application security. Companies are then left with huge gaps in their software’s security, despite their investment. Due to their cost, vulnerability scanners are mostly tailored to larger enterprises, with SME and mid-market companies left without a viable solution to their growing platform’s security.”

Aikido is on a mission to simplify SaaS security with its all-in-one tool that consolidates various application security features. Instead of disjointed solutions, this unified approach enhances control and significantly cuts down on false positives. So far, the company has saved over 1,500 developer working days that would otherwise be spent on false positives. Aikido ranks vulnerabilities by severity, ensuring critical issues are addressed first. Plus, all security data stays within the platform, ensuring safety regardless of staff changes and aiding in business continuity.

Delbare, continues, “Throughout my career I have built multiple SaaS startups, and wasted hundreds of hours piecing together a patchwork of tools needed to secure a new platform. In starting Aikido, I saw a better way to identify critical breaches whilst downgrading the distracting ‘non-issues’ that waste an engineer’s time. We are the only company in Europe doing this, demonstrating a renewed energy for startups in the continent. Our customers now include startups, as well as companies that have grown to over 300 developers - which has resulted in over 1000 total installs in just one year - a rarity in the world of new SaaS solutions. Looking forward, we want to out-do our competitors by offering a solution tailored to those who have yet to find a product that meets their needs.”

Kamil Mieczakowski, Partner at Notion Capital says, “As the pressure on small and mid-sized businesses mounts to demonstrate ever-increasing levels of cyber resilience, the landscape of security tools available to them continues to present challenges, characterized by fragmentation, complexity, and cost. Aikido provides a powerful yet easy-to-use end-to-end solution for code and cloud security, empowering any business to secure itself and its customers through a single tool capable of transforming every developer into a security expert. Despite being only one year old, the company is already scaling rapidly, and we're thrilled to support them on this exciting trajectory alongside our friends at Connect Ventures and an incredible group of angel investors and advisors.”

Pietro Bezza, Co-Founder and Managing Partner at Connect Ventures says, "In this new b2b software world, businesses seek SaaS products that combine efficacy with efficiency, value for money, simplicity and focus. We are in the era of the Great Bundle. Driven by the need for efficiency, customers are consolidating point solution software into full-stack software suites. Aikido all-in-one platform for software security fits extremely well with this new framework. We couldn’t be more thrilled to back Willem, Roeland and Felix in democratising access to the best security toolings for every company's size and budget."

Aikido offers the fastest way for a growing SaaS company to secure its platform. The application delivers swift, customer-led onboarding with an instant view of all the critical vulnerabilities to be solved - typically in only a few minutes - lending users the time to focus on core business functions. With world-beating noise reduction, Aikido is able to massively reduce the number of false positives. It adopts a ‘shift left’ approach, the goal of which is to prevent security issues from entering the code which means that if anything goes wrong during the development process, it can be fixed before any breach occurs or that code reaches production.

Designed for SaaS companies, Aikido is a crucial component for meeting critical industry compliance standards, including SOC2, ISO 27001, CIS, HIPAA, and the upcoming European NIS 2 Directive.

About Aikido Security
Aikido is an all-in-one solution that brings together multiple aspects of application security in one intuitive platform. This inclusive approach provides greater control for end users, drastically reducing the number of false positives during security checks. Aikido is founded by Willem Delbare (former founder of Teamleader and Officient), Roeland Delrue (former Showpad), and Felix Garriau (former nexxworks) and venture-backed by Notion Capital, Connect Ventures, and Syndicate One.

We’re proud to announce that Aikido Security recently attained ISO 27001:2022 certification. This is a big milestone for us and demonstrates our commitment to information security.

What is ISO 27001:2022?

ISO 27001 is a globally recognized standard for the establishment and certification of an Information Security Management System (ISMS). The 2022 version of this certification ensures that Aikido Security is aligned with current best practices in information security management. We specifically chose the 2022 version (over the 2013 & 2017 versions), as this new version focuses more on secure coding, threat detection, etc. These are items that we consider important and relevant to a software company.

Achieving ISO 27001:2022 compliance is a significant accomplishment for Aikido Security. It underscores our dedication to providing secure and reliable solutions to our clients.
Willem Delbare, CEO of Aikido Security

What motivated Aikido to pursue ISO 27001 certification?

We're a challenger in the security space and one of the first things we ask from new customers, is that they give us read access to their codebase. That's a big deal. And we understand - and agree - that's a big deal.

For customers to comfortably trust us with their codebase, they need to trust us as a company and trust our product. Becoming ISO27001 compliant is a huge leap forward in building and proving that trust.

What we learned on the path to ISO 27001 compliance

In a future blog post I’ll lay out my key learnings, but I want take this opportunity to share some brief insights about our journey.

Our ISO 27001:2022 journey

We got through the whole process in about six months. We had previously implemented SOC 2, so we already had many policies, documents and best practices in place. This allowed us to re-use and apply a lot of that to our ISO.

Because we firmly believe in using the right tool for the job, we took the opportunity to take a modern approach and used Vanta, which automates a lot of the work required to obtain ISO 27001.

Achieving ISO 27001:2022 demands patience and commitment. It's essential to surround yourself with reliable partners and gather knowledge beforehand.
Roeland Delrue, COO & CRO of Aikido Security

The high-level process

1. Internal audit (pre-audit)

You can think of the internal audit as a 'general rehearsal' or 'mock audit', to make sure you're ready to do the 'real' audits. The internal audit makes sure you didn't miss any obvious things that you wouldn't be able to remediate in the later stages.

Quick tip: Use a good internal or external pre-auditor. This really helps you get set up correctly. Unless you have relevant and proven experience in ISO, it’s probably best to hire an external pre-auditor. Leveraging their experience will prove really valuable.

2. Stage 1 audit

Stage 1 is largely a “tabletop audit” or documentation review
This audit consists of an extensive documentation review. An external ISO 27001 auditor reviews policies and procedures to ensure they meet the requirements of the ISO standard and the organization’s own Information Security Management System (ISMS).

3. Stage 2 audit

Stage 2 is a full-on system audit with lots of control testing
The auditor performs tests to check that the Information Security Management System (ISMS) was properly designed and implemented and is functioning correctly. The auditor will also evaluate the fairness and suitability of the organization’s controls to determine whether the controls have been implemented and are operating effectively to meet the ISO 27001 standard requirements.

4. Certification

After you’ve remediated or come up with an action plan for your non-conformities, you’re ready for validation. ISO 27001 non-conformities are categorized as minor, major, or opportunities for improvement (OFIs). It’s of course critical to show you’ve remediated or you can clearly show you’re on a path to remediate all major non-conformities.

And then... it’s time to get your certificate 🎉🥳

How long does it take to become ISO 27001 compliant?

You can’t do it in less than two months. And that assumes that you have everything ready to go, including a pentest and auditor.

Even then, you might need a few months to make sure you encounter enough information security events, as some processes can only take place when a certain event happens (e.g. onboarding or offboarding an employee).

You also have to show that you can remediate non-conformities and demonstrate that you’re able to collect evidence. This process involves identifying the event, logging and classifying it, and thoroughly documenting the information security event.

How much does becoming ISO 27001 compliant cost?

Depending on how in-depth the pre-audit and pentest go, the whole process will typically cost you USD 20,000-50,000.
You’ll need to pay for the following:

• Pre-auditor
• Pentest (you can leverage this from other compliancy tracks, e.g. if you’re already doing one for SOC 2)
• Compliance platform license (we definitely recommend using this)
• Auditor
• Vulnerability and/or malware scanner licenses (e.g. Aikido Security)

The cost depends greatly on multiple factors, key ones being:

• The size of your company (If you have lots of employees, processes, offices, developers,... audit costs dramatically increase)
• Cost of the pentest (USD 3-30k, depending on what type of pentest you do and who performs it)
• Depth of the audits
• Compliance platform (e.g. Vanta)

ISO 27001:2022 technical vulnerability management

On your own path to ISO27001:2022 certification? Aikido Security fulfills all technical vulnerability management needs for ISO 27001:2022 applications. We also sync with Compliance Monitoring Platforms (like Vanta) to ensure that your vulnerability information is always up to date. This means that you can rely on accurate risk assessment and efficient remediation.

Request our report

Feel free to request our own ISO 27001:2022 report directly in our trust center.

Losing sleep imagining bad actors infiltrating your awesome new startup’s code? Not anymore! Aikido Security has designed startup security to be affordable, efficient, and fill the needs of CTOs. Let’s have a look at how Aikido transformed StoryChief’s security posture.

We love hearing about the experiences of our customers and partners, especially around startup security. We recently spoke to StoryChief’s co-founder and CTO, Gregory Claeyssens, and we were thrilled to hear about his success story using Aikido Security. In this customer case, we'll break down that conversation to show you how Aikido improved StoryChief’s security posture. And, in doing so, how it allowed Gregory some work-life balance – aka, sleeping better at night! (CTOs, we bet that sounds nice!)

💡 BTW, don’t forget to download our StoryChief/Aikido customer case at the end of this blog post.

What is StoryChief?

Founded in 2017 and headquartered in Ghent, Belgium, StoryChief is a startup offering a user-friendly, all-in-one content marketing solution. StoryChief empowers marketing agencies and content teams to streamline their content production and management. Or, as StoryChief says, ‘End content chaos.’

StoryChief’s collaborative and intuitive platform includes content planning, distribution, scheduling, and AI writing tools. It’s gained significant attention. Notably, StoryChief has raised $5.7 million in funding. That’s a testament to its innovative approach to providing comprehensive content marketing solutions. Currently, StoryChief has a large dedicated development team. And, engagingly, their logo is a likable sloth!

💡 Learn more about StoryChief and what it offers by visiting its website: https://www.storychief.io.

Startup Security Challenges

As StoryChief grew, managing the security of its code base, repositories, and infrastructure became increasingly complex. Gregory and his team found themselves in a challenging position to stay ahead of potential security vulnerabilities.

Being behind the security curve: Managing its security posture became more and more worrying. Gregory worried that he might be missing or overlooking something crucial. That led to unnecessary stress and concerns.

Using incomplete and pricey security tools: StoryChief used security tools that provided some peace of mind. But, there were two main obstacles with these. They didn’t meet Gregory’s full set of security requirements and didn’t target CTO needs. Additionally, there was an unexpected change in pricing by their main security tool provider.

Notification overload: Notifications should be useful and relevant. However, using multiple security tools led to an overload of notifications. This led to three results:

1. Some notifications lacked contextual information and accuracy,
2. Overwhelming numbers of notifications became white noise and, therefore, ignorable (they simply lacked value).

In a nutshell, inefficiency drained valuable resources and time. But, despite these headwinds, Gregory managed security effectively and didn’t experience any major security incidents. However, he felt unsettled due to the limitations and costs of their existing tools. Subsequently, this prompted him to search for a better solution.

How Aikido Security helped improve StoryChief’s security posture

StoryChief's journey to a better security posture led them to Aikido Security, which also enabled StoryChief to transition from a reactive to a proactive security approach.

No nasty price tag: Startup security should be affordable, and Aikido has startup-friendly pricing. This offered StoryChief a cost-effective solution. At the same time, Aikido boosted their confidence in their security posture thanks to the next two benefits.

I’m a CTO, not a security engineer: The various tools StoryChief had been using mainly targeted security engineers. However, unlike those tools, Aikido tailors its features and rules to the specific needs of CTOs and developers. Aikido also supplies a continual stream of new rules and features specifically designed to help CTOs out.

Tell me when it’s important and relevant: One of Aikido’s key strengths and USPs is reducing false positives. Aikido’s targeted alerts, therefore, provide StoryChief with real, actionable insights rather than overwhelming and ignorable notifications.

Shared ownership: Not only that, Aikido’s notifications are automatically shared with the dev team via Slack, fostering transparency and shared responsibility for security. In this way, Aikido also provided a team-working result. It helped Gregory with his goal of creating a more team-focused effort to manage the security posture.

StoryChief CTO sums up Aikido’s impact

"Aikido was exactly what I was looking for for a long time - the combo of features, being startup-focused, and the entry price. Aikido's made the team aware of security issues. It's created a sense of shared responsibility, engaging everyone in maintaining our security posture."

Aikido as Startup Security Insurance

Aikido Security is like an insurance policy for StoryChief's security. It offers budgetability and precision. Aikido also offers a clear focus on what really matters for Gregory and his team. With Aikido, StoryChief has not only improved its security posture but also empowered the CTO’s team to take ownership and work transparently. Aikido provides the ordered consolidation and prioritization of information needed to address security concerns.

Most importantly, it has given Gregory a high level of confidence in the security of the product:

"There are always vulnerabilities left - that's normal - but with Aikido at least I know! I have a very good idea of our security posture."

Download the StoryChief customer case

Download your own copy of the StoryChief X Aikido Security customer case: