Matt Konda started Jemurai to bring software developers a different approach to security. After 15 years of writing code, running agile teams, and doing software architecture, Matt wanted to engage developers in a constructive way instead of just pointing out flaws and breaking things. Since then, Jemurai has brought this collaborative approach to 100’s of companies.
Engaging developers with training and tool automation, and building connections between developer and security communities was a successful formula. Jemurai got involved in the Ruby, Java, and Clojure communities and contributed to open source security projects. Matt brought this approach to OWASP where he served on the global board and as chair. As Jemurai became involved in the local development community in cities around the country, smaller niche startups using Clojure, Elixir, Scala, and Python started to find us because of our involvement in the community.
Jemurai started to grow. Many of the current team started over the next year or two. We still did mostly consulting, but we worked on some larger secure development projects and found more ways to work with small startups, who typically didn't have money for larger scale training or application security initiatives but needed help with their security story.
Jemurai was building out a security program with a startup that was revolutionizing manufacturing through commercial 3d printing. At first we created policies by hand with Github markdown and word documents and spreadsheets based on NIST 800-53.
A UX advisor asked us "Who are you heroes to?" We realized that our work enabled small, innovative tech like this startup to compete for enterprise business with larger security conscious customers.
We started building securityprogram.io (SPIO).
We thrive helping these smaller tech companies because we are one of them; we're going through the same challenges and making the same tradeoffs. These companies come to us with excitement and energy and we feel as though we are enabling them to take on bigger and better things! It is the coolest feeling in the world when they look back at us and tell us we were part of their success.
Smaller companies typically start with our securityprogram.io product and ‘grow’ into our Jemurai consulting services such as penetration testing, code review and building a robust application security program.