StackHawk: Shifting Security Threats Left

Helping developers implement application security testing before production

Published on


2 min

Application security testing (AST) is the process of making applications more resistant to security threats by identifying weaknesses in source code, open source libraries, APIs, and running applications. Traditionally, AST has been performed at the end of a development cycle, often resulting in development delays due to application rejection.

As a result, “shift left testing has gained popularity in recent years, solving many of these bottlenecks. Rather than implementing security testing later in the development process, developers check for security concerns at the earliest stages in the development lifecycle, helping identify security threats before production.

Alumni Ventures portfolio company StackHawk is leaning in on the benefits of “shifting left” by empowering engineers to easily find and fix application security bugs at any stage of software development. The company’s security testing software — built for automation in CI/CD (continuous integration and continuous delivery) — makes it simple for developers to find, triage, and fix application security bugs.

Strong Customer Base & Market Opportunity

StackHawk’s customers (One Medical, CloudBees, Firebolt, etc.) have been increasingly pleased with the company’s product. Ariel Shin, AppSec Lead at OneMedical and a StackHawk customer, describes the company’s software as a high productivity tool, flexible, adaptable, and created with developers in mind. “We wanted a tool that offers the capability for developers to get involved in applications security so they can triage issues themselves. StackHawk was the only one that met this criteria,” she says.

With the information security software market at an estimated ~$100 billion (and expanding), StackHawk is well-positioned to tap into this market opportunity. The company earns revenue through a highly scalable subscription business model and has already seen significant revenue growth, growing rapidly quarter over quarter.

Experienced Team & Impressive Investor Syndicate

StackHawk’s CEO and Founder, Joni Klippert, is a startup executive with experience growing companies from seed through high growth and acquisition. Before StackHawk, she was the Head of Product at VictorOps, a company backed by Greg Sands/Costanoa Ventures (co-leading StackHawk’s Series B) that had a positive exit with Splunk (~$15 billion market cap). CSO Scott Gerlach was previously the Chief Information Security Officer of SendGrid (acquired by Twilio) and spent over nine years on security at GoDaddy.

The round is co-led by two veteran venture capital investors with strong track records — Dave Hartwig, Co-Founder and Partner of Sapphire Ventures and Greg Sands, Managing Partner of Costanoa Ventures. Dave has a BSE in operations research from Princeton and an MBA from UC Berkeley; Greg has an AB from Harvard and an MBA from Stanford. According to Pitchbook, Dave has led 24 investments and Greg has led 77 investments.

How We Are Involved

Strawberry Creek Ventures (for the UC Berkeley community) sponsored Alumni Ventures’ investment in StackHawk’s $20.7 million Series B alongside sibling funds Nassau Street Ventures (for the Princeton community), Triphammer Ventures (for the Cornell community), and 116 Street Ventures (for the Columbia community. Sapphire Ventures and Costanoa Ventures co-led the round.

Want to learn more?
View all our available funds and secure data rooms, or schedule an intro call.

New to AV?
Sign up and access exclusive venture content.

Contact [email protected] for additional information. To see additional risk factors and investment considerations, visit