Our investment in StackHawk

Giving developers the tools and confidence to own security at the app layer

We are excited to announce that Matchstick Ventures Fund II has completed an investment in StackHawk (stackhawk.com). StackHawk is a continuous vulnerability-scanning and remediation solution built for DevOps.


With the growth of agile and lean development methodologies, software and app developers are now writing and shipping code every day. And while they’re creating better products by getting user engagement sooner, they are having to sacrifice understanding and ensuring the security of the code they deploy. Developers face a difficult tradeoff: prioritize speed or guarantee security.

Security and vulnerability scanning capabilities haven’t kept up with this new, high-speed mindset. Existing security tools, which conduct point-in-time code audits, are still stuck in the era of waterfall development, when huge amounts of code were scoped and developed over months before being pushed into production. With agile, more developers are pushing more code, more frequently, resulting in a significant increase in the points where security vulnerabilities might get introduced. As a result, the old-school, once-a-year static code checks are outdated the day they are complete.

To compound matters, checking security historically fell to an in-house IT group or specific team of developers, but as IT teams shrink across the industry, responsibility is now on developers to make sure their products and companies are not vulnerable to attacks or breaches while maintaining the compliance checks and documentation that regulators require.

Company Specifics

StackHawk is creating a continuous vulnerability-scanning, documentation and remediation solution built for the developer. It is a SaaS solution that lets developers run security tests on app code at each phase of the development pipeline. StackHawk scans the app for vulnerabilities and describes them back to developers in language that is clear and actionable, so creators can own the security of their work and fix vulnerabilities in real time. This steady stream of security checks also lets companies rest easy, knowing they have detailed info to help meet compliance and regulatory requirements.

StackHawk is run by an all-star team of security experts and developer-focused marketers. CEO Joni Klippert is the former VP of Product at VictorOps, which was acquired by Splunk. Scott Gerlach is the former Chief Security Officer at SendGrid and Twilio, and has 20 years in security leadership. Ryan Severns was VP of Growth Marketing at JumpCloud. They all have a proven ability to keep companies secure and give developers what they want and need. We’ve seen these skills during a long period of friendship. Ryan Broshar got his MBA at the University of Colorado with Joni almost 10 years ago, and Natty has been working alongside her in Colorado’s startup ecosystem for nearly as long.

Learn more at:

Natty Zola
July 19, 2019