Want a hardcopy to share? Download as PDF
- Australian Government Logistics Enterprise
- 32,000 Employees
- $7 Billion in Revenue
- Seeking a tool to help developers work faster and more efficiently.
- Interview: Manager, Application Security
EXECUTIVE SUMMARY
- A large Australian Government Logistics Enterprise, with 32,000 employees and $7 billion in revenue, was seeking a tool to help developers work faster and more efficiently.
- The effort aimed to give the large developer team a view of all of their assets and vulnerabilities in one shared location to allow for prioritization, tracking, and a view into their coverage.
- After 5 months doing product evaluation across 8 solutions, none filled the gap they needed to solve. On a whim, the AppSec Manager asked industry colleagues if anyone had solved this problem and was recommended Nucleus, a brand-new company at the time.
- Nucleus became transformational to the enterprise’s broader security process, successfully aggregating the data in a way they envisioned, improving visibility and workflow efficiency, and giving them the tools to transition from a mindset of “DevOps” to one of “DevSecOps”.
THE
CHALLENGE
“After evaluating 8 tools across 5 months, I was ripping my hair out. None of them did what we actually needed. I couldn’t believe no one had solved this.”
As the manager for Application Security for the Australian Logistics juggernaut, enabling his developers to get to production as quickly and as securely as possible was constantly top-of-mind. There were so many tools already in place and an impossibly large amount of data, with no way to take that data from the input sources and place it into a single platform where the developer team could make valuable use of it.
“No vendors were providing vulnerability aggregation for AppSec, especially from the developer-first point-of-view. There were lots of security tools, but no developer security tools. I really hit the wall. I started to wonder if we’d have to sink many years and millions of dollars into building what we needed internally. It was frustrating.”
At his wits-end, the AppSec Manager reached out to a Slack community he belongs to, which includes security practitioners across different industries. After explaining his use-case, he asked simply… “Has anyone done this? What is everyone doing? I can’t be alone here.” One member of the community recommended he look at Nucleus.
“He told me ‘we just put in Nucleus and we really like it’… Oh, and the clincher for me: he said ‘and the pricing doesn’t suck either!’ so, I checked them out.”
“There was maybe one other platform that deserved consideration. But, they were so unrealistically expensive, even for an enterprise of our size to pay, it made no sense.”
EVALUATION
AND
EVOLUTION
The AppSec Manager dove into due diligence of his own. He recognized some promise in Nucleus, which at the time was new to the market without the impressive customer list of today. He requested an exploratory call – where he was floored by the candor he received.
“They really echoed my sentiments, without even knowing what those were at the time of that call. They told me this is an evolving industry, there’s nothing mature in this market to solve what I need, but they’re at the forefront and if I partner with them at this stage, I can help influence it to be the tool we needed. They basically sold me by telling me they couldn’t solve my problem right away. But I knew they ‘got it’.”
Nucleus was deployed to the enterprise and evolved with the broader security program. A core tenant of Nucleus is to “work the way that you do”, showing a willingness to be flexible and evolve the solution to tackle the real-world problems that customers are facing.
“We talked and Nucleus listened. We told them what we needed that wasn’t already part of the platform, and they went out and built it. The uptake was tremendous as our team started to see the power and became invested.”
SEE WHY CUSTOMERS LOVE WORKING WITH US
THE
RESULTS
Nucleus is now the central source of data for “everything” at the enterprise’s security operations, and has expanded in scope and adoption into other business units. By having a complete picture of their assets in one shared platform, developers can better prioritize their work while also giving product managers insight and focus to optimize the security posture of their product.
“We set out to give power to the developers to visualize their data. We really wanted to remove the smoke and mirrors and put the security data directly in their hands without a middleman. Nucleus helped transform everyone into one large team, where everyone feels accountable for security.”
Nucleus helped shift the culture by bringing vast sets of data from disparate tools into a central hub and giving users that information across function. Using the Nucleus platform for unified vulnerability management enabled the enterprise to get vital security information out from behind the curtain of the security team and into the hands and desktops of the developer team. Developers now take direct responsibility for security in their area and can act on the information in their lane.
“Nucleus cares and wants to build with you as a customer. I wish I would’ve found them sooner!”
Nucleus remains committed to evolving with customers and their needs. To see for yourself, request a 2-week free trial or watch a demo-on-demand.