Security Innovation’s 20th Anniversary – A Chance to Celebrate and Educate

Security Innovation turns 20 this year, a literal lifetime in cybersecurity years. We first opened our doors on September 3rd, 2002. In the two decades since, we have had a front-row seat to the most important era in cybersecurity history. It has been an amazing experience – one we are eager to celebrate and reflect on during our anniversary year. But it has also been a learning experience that taught us (sometimes repeatedly) valuable lessons about everything from software security to managing change as a team.

We can’t wait to share what we have learned along the way and some of the more colorful stories and unbelievable anecdotes from our past (there are lots). But first, let’s take a quick look back at where Security Innovation started.

Software Security: Our Passion and Commitment from Inception

We spend a lot of energy these days advocating for people to take software security seriously. But the problem was much worse 20 years ago. Software security was an afterthought at best. Most developers ignored the issue, and few had the tools to make security a priority, let alone do anything to actually stop attackers.

While most of the software industry was happily ignoring security, one person was obsessing over it – James Whittaker, then a computer science professor at the Florida Institute of Technology, aka Florida Tech. A pioneer and visionary in the truest sense of the term, he was known around campus as a ‘nutty professor,’ and he attracted a like-minded group of graduate and Ph.D. students into his orbit with a magnetic personality, wit, and deep knowledge of how software worked (and failed).

Whittaker, at this time, was hard at work on a (still extremely influential) book called “How to Break Software: A Practical Guide to Testing,” and he was teaching his students many of the techniques with which he was experimenting. They learned how to break into software the same way attackers would. Under Whittaker’s leadership, it didn’t take long for this group to evolve into an elite unit on the same level as the world’s best hackers – except fighting for good. It really was an unparalleled team in terms of software security expertise and ability.

Given Dr. Whittaker’s passion for software security and the team he had recruited to join his cause, it seemed like an obvious (even inevitable) next step to start a business. Most businesses start with a competency and then build processes and methodologies around it. But Whittaker had already developed those processes within his team – he taught them how to excel at software security, and now they could teach others to do the same. Few businesses begin as fully formed, innovative, and welcome to the market as Security Innovation did.

That said, it has not been an effortless upward trajectory in the 20 years since. It hasn’t. But what made us special when we started – passion, expertise, originality – still characterizes us today. And that ranks among our greatest accomplishments.

Why This Moment Matters

Our 20th anniversary is a natural time for us to reexamine our origin story. In doing so, something immediately jumped out: the present looks a lot like the past.

When Security Innovation started, the first anniversary of the 9/11 terrorist attacks on the US was just a few days away. The collapse of the dot-com bubble still loomed large, the contours of Web 2 were starting to take shape, and a flurry of technological breakthroughs (smartphones, cloud computing, AI) were still years away. Yet it was clear even then that software was going to take over. Traditional “brick & mortars” were embarking on digital transformation strategies, putting a new emphasis on cybersecurity. Today’s digital acceleration is going even faster! The world is recovering from the COVID-19 pandemic and adjusting to remote work capabilities, an insatiable consumer appetite for on-demand everything, and 24×7 access to intel. As a result, there will be an even greater dependency on the cloud and software, which, in turn, will yield more frequent, fast, and furious cyber attacks. It’s the digital arms race of the 21st century playing out before our eyes.

Since we have been through this before, we thought it would be a valuable exercise to dive into our history and highlight some of our experiences. They were instructive for us back then. We think they are just as relevant (if not more so) right now as every organization evolves into a digital-first, data-driven business where software security poses massive risks for those who don’t manage it properly.

No one knows more about managing it than Security Innovation. It’s been 20 years of hard-won experiences and first-hand insights that we will be sharing with all of you in the coming months. We think it will be a valuable way to celebrate our history and contextualize what Security Innovation has accomplished. More importantly, we want to prepare you for where software security is headed by charting where it came from. Past is prologue, after all, and much of what we have discovered over two decades contains teachable truths for all of us moving forward.

Follow Along with Security Innovation

We will be publishing regularly throughout the remainder of our 20th anniversary year. In articles, recordings, and other content, the team and I will go over the highs (and some of the lows) in Security Innovation history and talk about our biggest takeaways from those experiences. We hope our audience can avoid our mistakes, repeat our successes, and adopt a mindset that makes them more secure as time goes on.

We have been around the block a time or two by now, and we can’t wait to reveal what we learned along the way.

Stay tuned for our next topic – every company is a software company. We’ll share some unique, enlightening, and eye-opening perspectives on software security specifically and cybersecurity more generally – plus a few truly crazy stories from our past that you won’t want to miss. It has been an amazing 20-year journey.