As part of our 'Start-ups and their Stories' series, TEISS talks with Bluefyre's CEO, Tim Buntel, about challenges, mentors and the inspiration that is the cloud...
What’s your idea?
DevOps and modern cloud technologies have dramatically increased the velocity of software development - 46 times more frequent deployments in high-performing teams. At the same time, hackers continue to exploit application vulnerabilities, costing companies millions. But most developers aren’t security experts and companies face a dire shortage of skilled security professionals. To be able to keep up with the demand, developers need to take independent steps to secure their own software. Bluefyre empowers developers to build security into their own applications, even when they’re not security experts and don’t have access to one.
What’s the story behind the idea?
We are both developers ourselves, and we’re amazed by the lack of attention paid to developers regarding security. Most security vendors sell products to separate security teams at companies with mature security programs (and big budgets!) while ignoring the developers who actually build the apps that need to be secured. We wanted to build a product that we would use - that could improve the security of our own apps - and share it with companies that don’t have the budget for large formal security teams.
Who is your target audience? Who might benefit from it?
Bluefyre is ideal for developers building cloud native apps and microservices - generally using containers - who don’t have access to a formal security team. Bluefyre can detect and halt attacks underway in production, but it also helps developers learn how to fix the underlying vulnerabilities by giving code samples and secure coding instruction.
What’s your USP? Why will you succeed?
Most security solutions are built by security people and sold to security professionals at the largest firms. They don’t fit with developers’ workflows, and they aren’t appropriate for the vast majority of organizations who lack a formal security team. We’re developers helping other developers build better software, full stop. Good software should be secure, so that’s what we help our customers achieve.
Which stage are you at? What is your next stage?
Our product is functionally complete, and the beta is available for anyone to try. We have been bootstrapped since forming the company last year, and are in the process of raising a seed round now.
Do you have any clients yet? Are any of them paying clients?
We are not charging customers to use the beta; we’re more interested in feedback at this point. We have a number of teams using the product today in companies ranging from small startups to global brands.
Is there a quote that inspires you?
“A problem well stated is a problem half solved.” Inventor, Charles Kettering
Is there a place that inspires you?
The cloud! Not a physical place, but a place that is driving fantastic innovation across every type of business in the world.
Do you have a mentor?
We have incredible domain insight from mentors including Scott Behrens, senior application security engineer for Netflix. And we are learning a tremendous amount about the industry from cybersecurity company leaders like Sam Curry, Chief Product Officer and Chief Security Officer at Cybereason, and Lee Weiner, Chief Product Officer at Rapid7.
What is your advice for people with a cyber idea?
Focus on the value proposition first - do you solve an immediate and pervasive problem uniquely well? And then dive right in! Thanks to cloud computing and SaaS products, it costs nearly nothing to test an idea and start selling long before you need to raise capital.
What have been the toughest challenges you’ve faced along the way?
It can be difficult for enterprise software companies to find early adopters. Developers are extremely busy, so they’re reluctant to spend time evaluating an unproven product. To overcome that, we make sure to deliver an extremely easy, frictionless user experience. It literally takes five minutes to set up Bluefyre on an application, and you immediately get protection against major security problems.
What have you learnt through the process?
We’re only a few weeks into the Cybersecurity Factory program, but we’re already learning a lot about the value of professional networks to a startup. Don’t be afraid to ask for help; there are lots of people out there who want to see you succeed.