How One Startup Uses Developer-Led Security to Ship Without a Dedicated Sec Team
Episode 80 of The Technical Co-Founder Podcast — Lucas and Luna explore how a 25-person B2B SaaS startup called LayerVault replaced traditional security tooling with developer-led practices. They walk through LayerVault's adoption of Sigstore for software supply chain signing, OpenSSF Scorecards for open-source dependency hygiene, and a lightweight threat modeling ritual that engineers run as part of their sprint planning. Lucas breaks down how the company reduced its mean time to remediate critical vulnerabilities from 14 days to under 48 hours without hiring a single dedicated security hire. Luna challenges whether this approach scales past 50 engineers and presses on the cultural prerequisites. The episode closes with a reflection on when developer-led security becomes a bottleneck rather than an enabler.

#LayerVault #Sigstore #OpenSSF #DeveloperLedSecurity #ThreatModeling #SoftwareSupplyChain #ShiftLeft #B2BSaaS #EngineeringCulture #VulnerabilityManagement #SprintPlanning #StartupSecurity #BusinessAndTechnology #TechnicalCoFounder #FexingoBusiness #BusinessPodcast #SecureDevelopment #DevSecOps

Keep every episode free: buymeacoffee.com/fexingo