From patchwork to proactive: How HiringBranch unified security & compliance

“It was a mix of tools that didn’t talk to each other. Now with Aikido, everything’s clean, connected, and actionable - right inside our Slack.”

Eric Dofonsou
CTO
Website: https://www.hiringbranch.com/
Founded: 2017
Industry: HRTech
Funding Raised:
Headquarters: Montreal (Quebec), Canada
Development Team Size: 10

Hey Eric! Can you tell us a bit about yourself and HiringBranch?

Sure! I’m the CTO at HiringBranch. I started out as the sole developer about 12–15 years ago, and we’ve grown into a small but focused team of 10 engineers, including ML folks.

We originally began in education, but today, we specialize in pre-hire assessments, specifically evaluating communication and soft skills using NLP and machine learning. What sets us apart is that we let candidates answer in an open-ended format. Instead of multiple choice, we analyze what people actually say to assess their skills. It’s a much more natural and accurate way to evaluate human qualities.

What role does security play in the hiring tech space?

It’s all about trust. When companies use our platform, they’re trusting us with sensitive candidate data. We have a responsibility to protect that data, not just because it's the right thing to do, but because it reflects on our brand and our credibility.

Was there a moment you realized: “We need to take security seriously”?

Yes, absolutely. In the early days, especially when we were working mostly with smaller clients, security wasn’t a huge focus. But once we started getting into the corporate space, maybe 5 or 6 years ago, that changed fast. Clients were asking questions we didn’t have great answers to. That was a wake-up call.

What were your security workflows like before Aikido?

“We had open source tools, Microsoft platforms, Docker-based scans… and nothing talked to each other. It was chaos.”

I had a Docker image that I ran locally to scan the code. Then I’d generate a report, and manually push it somewhere. It was clunky and error-prone.

We used a Frankenstein mix of tools: open-source scanners, something from Microsoft in Azure, SonarQube, AWS Security Hub… all stitched together. And of course, none of them talked to each other. It was messy and hard to maintain.

And how did you come across Aikido?

We first looked into Aikido maybe two years ago. But things were busy, so we didn’t dive in immediately. When we eventually hired a security engineer, he started digging into Aikido and came back saying, ‘This does everything we need.’ Bit by bit, we began removing old tools. It wasn’t an overnight switch; it was a practical, thoughtful migration.

What made Aikido the right fit?

“Everything is in one place. The Slack and Azure DevOps integrations are game-changers.”

The difference for us was:

  • Consolidation: From five tools down to one.
  • Automation: Vulnerabilities are surfaced in Slack, where we can tag developers and act fast.
  • Reporting: “Every security meeting, I pull a clean report with everything we need to know. What’s new, what’s been fixed, it’s all there.”
  • Ease of use: It just works. No training sessions or complex setups.

Let’s talk compliance. How did you manage compliance before Aikido?

Yes, we’re officially SOC 2 Type II certified. The process started about two years ago, and while getting Type I was mostly about documenting policies, Type II was a whole different beast. That’s where the real operational rigor, and the pain of evidence collection, kicked in.

Before, we had to manually export reports from various tools and upload them into Vanta. It was clunky and time-consuming. Now? It’s synced automatically. It’s seamless.

It was clunky and manual. We had planned to export security reports from various tools and then upload them into Vanta, our compliance platform.

What role did Aikido play in your compliance journey?

Aikido, and specifically its Vanta integration, made a massive difference during our SOC 2 Type II process. As soon as we switched it on, it automated our entire security evidence collection workflow. Vulnerabilities, remediations, control coverage, all of it just started syncing in the background without us having to chase anything manually.

“We didn’t adopt Aikido because of compliance, but once we saw how cleanly it integrated with Vanta, it became a no-brainer. We just click a few buttons, and the evidence is already there.”

That meant no more exporting reports, uploading PDFs, or stressing over missing documentation during audits. Instead of proving compliance, we could focus on actually improving our security posture.

“Aikido took the stress out of compliance. The automation just works—it keeps everything audit-ready, without the scramble.”

What used to be a quarterly scramble turned into a quiet, continuous process: always on, always ready. Just the way it should be.

How has your team’s security mindset changed since adopting Aikido?

We’ve become way more proactive. Instead of reacting to issues, or worse, overlooking them, we now get real-time alerts. The scanning is continuous. There’s less chaos, less guesswork. Everything is structured and visible.

How’s your experience been working with the Aikido team?

Honestly, great. We have monthly check-ins, which are super useful to learn about new features. The support team is responsive, and we even have a dedicated Slack channel with them, which makes communication easy and quick.

And finally, if you had to sum up Aikido in one sentence?

“Peace of mind for the whole security process.”

Seriously. It used to be a chaotic mess of tools and tasks. Now, everything’s calm, clean, and under control.
