StepSecurity, a Seattle-based startup founded in 2022 by former Microsoft engineers and cybersecurity experts, Ashish Kurmi and Varun Sharma, recently announced a successful $3 million seed round led by Runtime Ventures. Their focus is on providing tools to help developers secure their projects, particularly in the realm of continuous integration and continuous delivery (CI/CD). This process involves automating the development and deployment of applications, with StepSecurity targeting developers who use GitHub Actions and planning to expand to support other similar tools like GitLab CI, Harness, and Azure DevOps. The startup already has paying customers in industries such as crypto, healthcare, and cybersecurity.
Kurmi and Sharma’s inspiration for starting StepSecurity came from observing high-profile security breaches like the SolarWinds and Codecov hacks that occurred within CI/CD pipelines. These incidents exposed significant security vulnerabilities in the system and motivated the co-founders to create a solution. They shared in a blog post that the lack of security measures in the CI/CD pipelines was alarming and led them to develop their product openly, initially offering it for free to assist open-source developers in securing their pipelines. This initiative eventually evolved into the formation of StepSecurity, which has now become a promising endeavor for Kurmi and Sharma.
Before launching StepSecurity, Sharma spent nearly 15 years at Microsoft, where he served as a principal security software engineering manager. On the other hand, Kurmi worked at Microsoft for almost eight years before transitioning to roles at Uber and Plaid as a security engineer. Their combined experience and expertise in the cybersecurity and software engineering fields have uniquely positioned them to address the critical need for enhanced security measures in CI/CD pipelines. With the backing of investors such as Inner Loop Capital, SaaS Ventures, DeVC, and angel investors from prominent companies like Coinbase and Zscaler, StepSecurity is poised for continued growth and success.
The funding received from the seed round led by Runtime Ventures will enable StepSecurity to further develop and enhance their offerings, expanding their reach to more developers and organizations seeking to bolster the security of their projects. By focusing on CI/CD security and providing tools tailored to the specific needs of developers using platforms like GitHub Actions, StepSecurity aims to mitigate the risks associated with potential cyber threats and attacks in the software development process. The startup’s commitment to innovation and dedication to securing CI/CD pipelines has garnered attention and support from industry leaders and investors alike.
As StepSecurity continues to iterate on their product and engage with customers across various industries, they are positioned to make a significant impact on cybersecurity practices within the software development community. The co-founders’ mission to address the vulnerabilities in CI/CD pipelines and prevent future breaches like the SolarWinds and Codecov incidents underscores the critical importance of prioritizing security in the rapidly evolving tech landscape. With a strong foundation, experienced leadership, and a clear vision for the future, StepSecurity is well-positioned to become a trusted partner for developers looking to safeguard their projects and minimize security risks in their operations.
