Shifting Left, Moving Forward (Part 1): Announcing a New Initiative
Join the Conversation to Overcome Frictions and Challenges in Software Security
Hello Cyber Builders 🖖
I’m super excited to share some big news this week. We’re announcing one of our first—and most advanced—projects within the Venture Studio I’m running. A new initiative is coming, and I’m here to open the conversation with you. This is your opportunity to join us in shaping the future of software security.
The reality is that there’s a growing community around software security practices and application security. Still, real change only happens when developers, security teams, and the wider tech community come together. At CyGO Entrepreneurs Venture Studio, we believe in the power of direct feedback and meaningful conversations.
That’s why we’re launching this initiative—not to sell you something but to genuinely learn from you.
We want to understand your challenges, the friction points in securing software, and the solutions your teams have found. Whether you’re a developer, an application security engineer, a product security expert, or just passionate about this field, your insights matter.
This is a dialogue, not a monologue.
So, I encourage you to interact with us, share your experiences, provide feedback, and help us uncover the real issues around software security.
Feel free to book a quick call, email us, or comment on this post with your thoughts. We’re here to listen and learn.
Let’s embark on this journey together.
Why Now? The Urgency of Software Security
Software is everywhere—it powers our daily lives, runs businesses, and even controls critical infrastructure. You develop and use software for sales, manufacturing, healthcare, or even finding a partner. As software becomes more embedded in our world, so do the risks associated with insecure code and poorly integrated security practices.
There’s a global push to secure software by design, and it’s no longer just about meeting compliance standards. The US CISA, the EU Commission with the Cyber Resilience Act, and other regulators are calling for more robust security measures in how software is designed, developed, and deployed.
This is where the concept of “shift left” comes into play—securing software earlier in the development process rather than trying to fix issues after they arise.
Watch the 30-second clip from US CISA Director Jen Easterly. She emphasizes the urgent need to secure software by design, highlighting how attackers increasingly target software vulnerabilities. Her message reinforces the global push for proactive security measures, urging organizations to prioritize security earlier in the development lifecycle.
The reality is that we can’t afford to treat security as an afterthought. With increasing attacks targeting software vulnerabilities, the stakes are higher than ever.
The CyGO Entrepreneurs initiative is about addressing these challenges head-on, with the help of those who live and breathe this reality every day. We want to hear from you—the people in the trenches—so we can work together to create a safer and more secure digital future.
Current Challenges: Too Many Tools, Not Enough Solutions
Adopting “shift left” security practices is far from smooth. There’s a lot of friction in the process, and it often feels like everyone has different needs and expectations.
Developers may struggle to understand the depth of security requirements, while security teams might not grasp the everyday challenges that developers face. Business stakeholders may also see regulatory requirements and customer demands for security without being sure how to translate those into actionable steps.
This disconnect creates a friction-filled world where different roles aren’t always on the same page, and the path forward can feel anything but straightforward.
In addition, the landscape is cluttered with tools and acronyms—SAST, DAST, container security, and the list goes on. Each tool promises to solve a piece of the security puzzle, but when you add them together, they can create an overwhelming stream of alerts and noise.
The abundance of tools in software security often complicates rather than simplifies the situation. As the Software Analyst’s post on software supply chain security highlights, the modern software ecosystem is flooded with solutions targeting every security angle. Each tool has its own rules, configurations, and alerts.
This overwhelms teams and makes them uncertain about where to focus their efforts.
Instead of providing a clear “paved road” with guardrails to guide you, these tools often leave teams with more questions than answers. How do you prioritize what matters? Which alerts are critical, and which can wait?
We’re curious to hear how you navigate this challenge. Do you find that these tools actually help your workflow, or do they end up adding more complexity and roadblocks? Is there something missing that would make security practices easier and more integrated?
We want to explore these questions with you and better understand how teams can cut through the noise and make security a natural, less cumbersome part of the development process.
Discovering Pain Points Together: Join the Conversation
With Cyber Builders, our mission is to create a platform for meaningful conversation, collaboration, and exploration of software security. This initiative from CyGO Entrepreneurs Venture Studio is not about selling you anything or pitching products.
We’re here to engage in authentic dialogue with practitioners—developers, security engineers, product managers, and others—who are navigating the complexities of software security.
We aim to understand different roles' unique challenges, uncover common pain points, and see where needs and solutions might align—or diverge. Here’s a breakdown of the critical areas we’re focusing on according to different roles:
Developers
Are you overwhelmed by the volume of security tasks? Do tools help integrate security into your workflow, or do they slow you down?
Application Security Engineers
How challenging is it to align security practices with development processes? What would make tool integration smoother?
Product Security Officers
Are you able to prioritize security issues effectively? How do you balance risk management with product timelines?
Product Managers
Do customer and regulatory security demands translate into actionable steps? What resources or guidance would help you?
Sales & Account Managers
How do you help clients navigate tool overload and integration issues? What feedback do you get about unmet needs or regulations?
Conclusion
We want to hear about your challenges, how you’re overcoming them, and what still needs improvement. Your insights are essential for understanding real-world problems and building solutions that make a difference.
Feel free to share your thoughts in the comments, book a brief call, or email us. Your experiences will help shape the future of software security.
Laurent 💚
Great initiative.
May I suggest that the first place to start is the security software companies themselves. All of the providers of cybersecurity software - including even those who provide application security software - are, at their heart, software companies *first*, and cybersecurity companies second.
There is an idea in software of "eating your own dogfood", which, in this case, also means following your own advice. We very often struggle with actually getting this done. It is a never-ending battle between shipping product and security of said product.
Starting with these companies, who know very well the challenges on both sides, should provide you with insight.