BoxyHQ helps developers automate product security, and it provides low-code APIs to enable enterprise compliant security via simple and efficient integrations. Including SAML SSO, audit logs, directory sync, and privacy vault.
Through its commercial open source shift left approach it intends to become the main Developer Security Orchestration Platform in the market – DevSecMesh.
Tell us about yourself?
Before building BoxyHQ I used to be an angel investor at Salsa-Ventures, and I was the AWS Connections Lead @Amazon for Europe, Middle East, and Africa; and I’m also former Head de Aceleración en Wayra UK & Peru.
Previous experience is as an entrepreneur and at companies such as IBM, Groupon, etc.
Deepak Prabhakara is my co-founder, and he is the main reason why I ended up building BoxyHQ. He has experienced first hand the challenges of adding enterprise compliance security into software products and he had the original idea.
We first met when Red Sift (where Deepak was the CTO) joined the Wayra Accelerator. I was heading the Wayra Accelerator and we have worked closely together since then, became good friends and re-connected to validate and begin working on BoxyHQ.
If you could go back in time a year or two, what piece of advice would you give yourself?
Two years ago the world changed for everyone, so it’s a tricky question, but I would say: Failure is not the opposite of Success, is just part of it. So keep moving and don’t give up!
What problem does your business solve?
It is estimated that worldwide, cyber crimes will cost $10.5 trillion annually by 2025. And 70% of development teams always or frequently skip security steps due to time pressures when completing projects.
Organizations should provide developers with the right tools to do their job securely. But instead, they focus on providing productivity tools and are leaving the security responsibilities to the CISO’s team.
What is the inspiration behind your business?
Our combined experience of building for enterprises, and connecting them with startups made us question the status quo and think outside the box to help teams add enterprise compliant security via simple and efficient integrations.
That is how things started, but soon we realized that there were bigger problems out there, like the gap that exists between Compliance and Security, and most importantly how developers are usually left out of product-security tools, when in fact they are the ones building things.
These are the reasons why we help developers automate product security, providing them with low-code APIs. And through our commercial open source shift left approach we intend to become the main Developer Security Orchestration Platform in the market – DevSecMesh.
Our first use case is on Enterprise Readiness, providing enterprise-ready features, these include SAML single sign on (SSO), audit logs, privacy vault, and directory sync.
What is your magic sauce?
We are the only ones doing this with an open source ethos, which makes sense considering that developers overwhelmingly choose open source software, in the long term a strong community can become your best distribution channel; and it allows us to create and drive a standard for developer security.
What is the plan for the next 5 years? What do you want to achieve?
Our objective is to do an IPO in 9 years; so 5 years from now we plan to be in the middle of that path.
What is the biggest challenge you’ve faced so far?
Since we are an early stage startup, I would say that the biggest challenge we face is at the same time the most important learning.
For example, the economic crisis has changed the landscape for the whole the startup ecosystem, which is a great benefit for creating sustainable business models.