Hey Martijn! Can you tell us about yourself and your role at Helin?
I’m the CTO and one of the founders of Helin. I’m responsible for everything around security and secure software design principles. We’ve built a platform that enables industrial companies, especially in maritime and renewable energy sectors, to manage edge intelligence at scale.
Our engineering team is around 40 people strong. The complexity of what we build both the software itself and the environment it runs in demands a security-first mindset from day one.
What does Helin do, and what problem are you solving?
We’re building an industrial app management platform. Our mission is to simplify the deployment and operation of software at the edge for industrial clients. Think offshore drilling rigs, wind farms, renewable energy parks... We’re essentially the OS for renewable sites.
We also drink our own champagne: we run two of our own applications on the platform to test, validate, and harden everything we do. It also means we’re our own customer zero. If something’s broken, we know before anyone else does.
How does Helin stand out in the industrial software space?
“In our industry, security is a ‘license to operate.’ If you can’t prove your software is secure, you’re out.”
Security is a core part of our value proposition, because it has to be. Our clients expect a "license to operate." That includes full SBOM transparency, hardened infrastructure, and the ability to respond to threats fast. The renewables space is still relatively immature in terms of security, so we're often leading the way (together with tools like Aikido to support us).
What were the biggest security challenges before Aikido?
We’ve always had a strong security posture. But the real challenge was turning that into something actionable for developers. You can define all the policies you want, but if developers aren’t picking up the signals, nothing changes.
“You can create security policies as much as you want, but if your developers don’t pick it up, you won’t solve anything.”
We tried multiple tools. They all covered the basics, but they lacked transparency and flexibility. Plus, customer service wasn’t great either. One vendor once took six weeks of vetting just to get back to a request of ours. And many tools just couldn’t be deployed in customer environments due to compliance constraints. That was a dealbreaker.
"We tried multiple tools. They all covered the basics, but they lacked transparency and flexibility. Plus, customer service wasn’t great either."
Why did you choose Aikido?
Because it fits how we think about security: it should be open, collaborative, and developer-friendly. Aikido doesn’t just identify vulnerabilities, it helps developers act on them. That shift has been huge.
“Developers actually like using Aikido. It's become a bit of a sport to reduce vulnerabilities.”
We also appreciated Aikido’s transparent model. Unlike some vendors where you get surprise licensing charges triggered by a simple Azure alert, Aikido makes it clear what you're paying for. True story: we once had an Azure alert on a Sunday (just an alert!) and it triggered an extra charge in one of our old tools. That’s when we realized: we needed a partner, not a penalty system.
“Unlike other vendors, Aikido doesn’t surprise you with alerts that suddenly cost you money.”
What’s your favorite feature?
Code-level integration. It brings findings to where the developers are, not the other way around. Everything integrates smoothly into our CI/CD pipelines. It’s native, not an afterthought.
Also, container scanning and static code analysis just work. They don’t require us to re-architect our systems. That matters a lot when your infrastructure has to meet stringent deployment constraints.
How has Aikido helped improve your security outcomes?
One of the things we’ve seen is that developers actually enjoy driving down the vulnerability counts. It becomes a bit of a game. That cultural shift is a big win. Aikido makes it easier to keep security top of mind, without slowing things down.
“Aikido doesn’t just help us check boxes. It helps us build the right muscle as a team.”
And because we operate in environments with strict data controls, we needed a tool that gave us full data ownership. Aikido’s APIs let us broadcast and read everything securely within our own environments.
What advice would you give to other industrial software companies evaluating security platforms?
“Don’t just look for a security tool. Look for something your developers will use.”
Don’t compromise on visibility. Make sure your developers can act on what the platform finds. And if your clients care about things like SBOMs and secure updates (which they absolutely should), make sure your tool helps you deliver on that.
If you had to describe Aikido in one sentence, what would it be?
It’s the only security tool I’ve seen that truly balances developer experience with industrial-grade requirements.
.webp){kind=logo}
.png)