A word from our team on why we started LockDown Labs

Bilal Bhatti - VP Engineering


Throughout my career, I've had the privilege of working at both large corporations and startups, wearing both individual contributor and leadership hats. As an engineering leader, I've often found myself on the receiving end of security concerns and vulnerabilities - from newly discovered issues in third-party libraries to questionable coding practices within our own codebase.

 

While security was always a priority, it often felt like an afterthought or even an obstacle, rather than an integrated part of the development process. As a result, I've seen many well-intentioned initiatives stall due to the lack of connection between developers and security teams. That's why, in recent years, I've become passionate about creating products that bridge this gap.

 

My team's goal is to build security-focused developer tools that seamlessly integrate with developers' daily workflows, providing real-time insights, alerts, and guidance to proactively mitigate vulnerabilities and ensure more robust, secure software. By doing so, we're not only addressing the security concerns themselves but also promoting a culture of security awareness and ownership among our development teams.


------------------------


Zack Perdomo - COO


The experience garnered through the multitudes of right and wrong decisions made at the top of both large and small companies is what inspired me to create LockDown Labs with the other founders. Decisions that are made before and during periods of economic growth and, mainly, recessions can make a company great or a glorified meat grinder.


The most recent boom and bust cycle occurred in the early 2020s and was the most compressed cycle ever seen. We witnessed 0% interest rates, massive fundraises, valuations at astronomical multiples, insane growth projections, and overspending to try and achieve the growth expectations. Companies were in a fever dream of huge funding rounds and growing revenue no matter the cost, and there was plenty of blame for the eventual bust cycle that ensued (covid, the Fed, companies, VCs, etc.), but much of the fault was rightly on the companies. “Unicorn” startups and large enterprises alike were performing layoffs, cutting budgets, and beginning to prioritize profitability over revenue growth; counterintuitively, startups that had raised tons of funds now needed to focus on efficiency and profitability.


Startups should always prioritize revenue growth, especially after raising funds, and that is the plan at LockDown Labs, but the difference is ensuring the revenue growth is rational and predictable. We started LockDown Labs to build a sustainable company that will give its customers a reliable product, but we also want it to be a company employees can trust. At other companies we were tasked with cutting a percentage of our workforce, or experienced the layoffs ourselves, all due to untethered growth expectations that cut into a small company’s runway or aimless spending to drive revenue without improving the true growth inhibitors.


At LockDown Labs, our promise will be to focus on quality over quantity and sustainability over “growth at all costs”. We are content with building a transparent and trustworthy “Clydesdale” that supports our team and customers; “Unicorns” can stay in fairy tales flying on rainbows.


------------------------


Ali Naqvi - CTO


I have spent the past 15 years solving problems in cybersecurity. As my experience in the field grew, so did the techniques I used to maneuver and solve these issues. However, what I came to realize is that there is not a "one size fits all" approach for every security problem. The tools used are being addressed with a narrow and tactical approach. To diagnose a problem and come up with a solution I have learned to look at the issue from all angles. Once I see the bigger picture, I can create a solution that would directly rectify the specific problem.

 

Today, solutions for security remediation fall into two buckets. The first targets the problem from a security point of view. Tools are built to improve an organization's overall risk. They focus on minimizing the number of tickets opened to the developer. They use the reachability of the vulnerability in the code and runtime to reduce the number of open tickets for the developer to fix. While these tools can reduce the number of tickets that go to the development team for remediation, they still do not allow the developer to directly remediate the issues. Rather, they add to the problem by giving them more work. These types of security tools are adding pressure to the developers to remediate the issue, leading to inevitable burnout. Companies that implement such solutions end up with disgruntled developers who view the security space as complicated and an unnecessary add-on to their already hectic workload.

 

This brings me to the second bucket of security remediation, which focuses on the developers. These solutions allow developers to address security issues while developing and utilizing AI and code generating tools to help developers write secure code during development. This approach gives developers a false sense of satisfaction that they are engaging in good security practices, when these tools are not looking at the bigger picture in security. They must take into consideration the fact that anyone can hack a dependency file once a developer's code is deployed. The security team will need to address this post-deployment of their application.

 

As I started developing the LockDown Labs solution, it was obvious that it needed to be empathetic to both the security and the development team. Bilal and I knew that this had to be at the forefront of our solution since each team struggles with security breaches. The product we create must examine the problem from both perspectives and address the concerns from a security and development team's point of view. It must be flexible enough to solve the problem in an automated way while allowing flexibility for the security and development teams. As we launch our product in the coming months, we are hopeful that both teams will see this approach and be pleasantly surprised.


------------------------


Jeff Ginter - CEO


Outside of the questions that will come directed at our solution, questions around our immediate needs in staffing/marketing/coding and then questions around what booth would you like at the upcoming [insert cool tech show]?... I’ll answer the one we get about why start your own cybersecurity company.


Although we have had some great rides at our last few ventures, we generally hit a point where we’ve built a strong team, put our methodology in place, enacted some newer GTM ideas and are seeing great results (BTW we can bring the receipts on this), but then we find that we run into an impasse.


As we are getting immediate feedback from customers, prospects, partners and in seeing competition (direct or adjacent), often we have strong thoughts on where to take our product and business. We usually feel a divide grow between what the customers (and market) are prioritizing and what we have planned, and I am not sure a great job is done in providing the WHY or HOW on the roadmap. Getting from that feedback or new idea to implementing it (or choosing not to) takes too long and is communicated poorly.


So…how did we get here? Well, we put together the following components:


We have designed some very interesting approaches and techniques to address how we will build our product(s) while incorporating feedback at a much quicker pace.


Ali and Bilal came up with a plan to address several challenges that organizations face that we feel can be dealt with in a much different fashion than we see today or on the horizon. They have an initial, real roadmap of what we should do.


The crew of folks that we’d like to work with (again or for the first time) and those that want to work with us (I can’t even begin to express how grateful we are for your trust and professionalism).


Our desire to provide our customers, employees and partners with a great experience prior, during and, especially, after a purchase.


Given all the above, we felt driven to build something (both a product and a company around it) to have a big positive impact on a space we know well.


Thanks so much for reading, and I strongly hope we have the chance to prove ourselves to you and our industry.
