On the morning of May 19, 2021, the ten finalists for the RSA Innovation Sandbox Contest readied themselves to deliver their virtual three-minute pitch to compete for the title of “Most Innovative Startup.” Among the presenting finalists was Brittany Greenfield, founder and CEO of Wabbi, a Continuous Security company focused on centralizing and orchestrating security governance for development teams.
Over the last few years, the RSA Innovation Sandbox Contest has become a “who’s who” of the security startup world, and for good reason. Since the contest began, the finalists have been part of more than 50 acquisitions and raised $8.2 billion in funding. As the announcer introduced her, Brittany took a deep breath and began, knowing the next 180 seconds was her chance to showcase why Wabbi deserved its place as one of the most promising young companies in security today.
I met Brittany shortly before RSA. Right away, I was intrigued by the problem statement she was tackling: bridging the divide between the agility that DevOps teams want with the rigorous standards that security teams demand. Over the last few years, I’ve seen dozens of companies grapple with how to solve for this complex tug-of-war, knowing that application security represents one of the most critical underpinnings of a business’s day-to-day operations and success.
When I sat down with Brittany and learned about Wabbi, there were two things that immediately stood out: her vision for the market and her own journey to defining that vision.
Brittany’s Journey: The Early Days of Wabbi
Brittany says she’s a “security outsider.” While she came from a family of enterprise techies where software was regular dinner table conversation, she didn’t make her foray into security until several years into her career. Instead, she began in technical implementation and go-to-market strategy for small startups and large enterprises like NetSuite, UKG, Kronos, Hubspot, and OpenAir.
It wasn’t until Brittany pursued an MBA at MIT Sloan and interned in Cisco’s IoT group, that she was introduced to security - a core foundation to successful IoT implementations. In her first position after business school at Cybereason, she realized that while the endpoint is important, it’s only one piece of the puzzle. The fundamental issue she discovered is that nine out of ten breaches begin because of defects in code. That realization is what laid the foundation for Wabbi.
Solving the problem would require bridging the gap between DevOps and security, two teams with distinct objectives and cultures: “Decision-making in security is very binary – black or white? A or B? Whereas in development, there’s more gray area and you might decide that the code is good enough to ship now, and you’ll tweak it later.
With an initial wireframe for how to tackle the problem in hand, Brittany began a one-woman roadshow to meet with CISOs from companies of all sizes and in a range of industries to try and convince them to buy her product. “Over and over again, the answer kept coming back as no – not because it wasn’t the right problem to solve, but they said that I was going about it the wrong way,” says Brittany. “Basically, I was looking at it purely from a security lens, when I really needed to look at it from a process lens.”
With this feedback in mind, she focused on how to make security governance simpler within the development process and went back to the drawing board. It was also around this time that she came up with the name for the company: Wabbi, inspired by a poster hanging on her wall. “Wabi-sabi is a Japanese phrase that means to accept imperfections. I realized I had to accept that code is not perfect, so therefore security cannot be perfect. That became a core tenant of the company.”
Cisco and Wabbi: Investing in Application Security and Female Founders
Fast forward to today. Cisco Investments is excited to announce its investment in Wabbi’s seed round alongside Mendoza Ventures and Work-Bench Capital. Not only does Wabbi operate with the maturity and poise not typically seen in even a Series A or B company, but the team Brittany has also assembled is impressive by any standards.
There’s no question that the enterprise tech venture space – especially cybersecurity – is starved for diversity. As investors, we have a responsibility to be a driving force for change. That's why in 2020, Cisco, in partnership with Cisco Investments, launched the Aspire Fund, a $50 million venture investment fund to help finance and scale diverse-led startups and venture funds over the next five years. Since launching, we’ve invested in several venture funds, including Work-Bench Capital, L’ATTITUDE VENTURES, and Acrew Capital. The investment in Wabbi represents one of Aspire’s first direct investments in a female-founded startup.
For Brittany, it wasn’t only about succeeding as a female founder, but also doing it her way: “I’m not going to sugarcoat it – it’s a challenge being a female founder in a highly underrepresented industry like security. I don’t see others like me, which in itself can be limiting. I had no intention of becoming someone I thought investors wanted me to be. Instead, my feeling was the right investors will invest because they’ll realize the power of your perspective. Yes, I’m more of a security outsider. Yes, I’m a woman. But as Einstein said, ‘We can't solve problems by using the same kind of thinking we used when we created them.’”
When it came to finding the right investors, Cisco made sense for Wabbi because we share a similar philosophy of the market: that application security isn’t just about lines of code but about everything the code touches. That's why over the last several years, Cisco has unified its products from a complex fragmented ecosystem of standalone security products into a single powerful security platform – SecureX. The Cisco AppDynamics platform provides granular visibility and insight into application performance, underlying vulnerabilities, and real-time attacks, Kenna’s data science-driven, risk-based scoring engine prioritizes millions of vulnerabilities to focus on a fraction that truly matter. As we look to the future, Cisco will continue to extend its security functionalities, through both organic innovation and through investments in companies like Wabbi that share our philosophy.
Looking Ahead:“If Software is Eating the World, then Application Security is Eating Security”
When I asked Brittany about what lies ahead for Wabbi, she talked about application security becoming more and more prevalent: “Today, code powers our economy and our lives in so many ways. If you follow the logic from the famous line, ‘software is eating the world,’ then application security is eating security.”
So, when she thinks about how this relates to her vision for Wabbi, she says, “I want to get rid of the buzzwords – DevOps, DevSecOps, SecDevOps -- and get to the heart of the matter which is that security and development shouldn’t be separate thoughts. Security needs to be an inherent part of development, and I want Wabbi to be the one that drives this shift in mindset.”