Matt Konda started Jemurai to bring software developers a different approach to security. After 15 years of writing code, running agile teams, and doing software architecture, Matt wanted to engage developers in a constructive way instead of just pointing out flaws and breaking things. Since then, Jemurai has brought this collaborative approach to 100’s of companies.
Engaging developers with training and tool automation, and building connections between developer and security communities was a successful formula. Jemurai got involved in the Ruby, Java, and Clojure communities and contributed to open source security projects. Matt brought this approach to OWASP where he served on the global board and as chair. As Jemurai became involved in the local development community in cities around the country, smaller niche startups using Clojure, Elixir, Scala, and Python started to find us because of our involvement in the community.
Jemurai started to grow. Many of the current team started over the next year or two. We still did mostly consulting, but we worked on some larger secure development projects and found more ways to work with small startups, who typically didn't have money for larger scale training or application security initiatives but needed help with their security story.
Jemurai was building out a security program with a startup that was revolutionizing manufacturing through commercial 3d printing. At first we created policies by hand with Github markdown and word documents and spreadsheets based on NIST 800-53.
A UX advisor named Carri Craver asked us "Who are you heroes to?" We realized that our work enabled small, innovative tech like this startup to compete for enterprise business with larger security conscious customers.
We started building securityprogram.io (SPIO).
We thrive helping small tech companies because we are one of them; we're going through the same challenges and making the same tradeoffs. These companies come to us with excitement and energy and we feel as though we are enabling them to take on bigger and better things! It is the coolest feeling in the world when they look back at us and tell us we were part of their success.
As the securityprogram.io platform grew, we added to the tool and built a team and processes to consistently build out security programs for our small tech niche customers. Our solution has helped clients pass SOC 2 Type 2 and ISO 27001 Audits.
In 2023, we continue to have excellent technical security services - and the securityprogram.io platform continues to grow, we are focusing on making great security simple and accessible to small tech companies.