Aikido

A fractional CISO’s playbook: scaling AppSec at Nerdio


Ogaga Abuchi has been working as a fractional CISO since 2021, supporting companies across healthcare, fintech, and SaaS. In 2023, she started working with Nerdio in a fractional capacity, as well as several other organizations.

Today, Ogaga manages product and application security at Nerdio while continuing to advise other organizations as a fractional CISO. That dual perspective shapes how she evaluates tools: they need to work not just for one company, but across multiple environments, maturity levels, and constraints.

At a glance

  • Person we spoke with: Ogaga Abuchi, fractional CISO & Information Security Manager at Nerdio
  • Company: Nerdio (Azure Virtual Desktop & Windows 365 management platform)
  • Primary challenge: Scaling application security across teams with limited time, budget, and tolerance for noise
  • Before Aikido: Expensive AppSec tools with high false positives and poor signal
  • Using Aikido for: SAST, DAST, dependency & SBOM scanning, developer workflows, executive reporting
  • Key outcome: Less noise, faster remediation, and more developer time

Challenge: scaling security without scaling chaos

From Ogaga’s perspective, most security problems aren’t technical. They’re structural.

As a fractional CISO working with small and mid-sized companies, she consistently runs into the same constraints:

  • Small security teams with limited hands-on capacity
  • Tight budgets that can’t support heavyweight enterprise tooling
  • Tool sprawl, where multiple overlapping tools drain money and attention
  • Cultural resistance, especially from developers who fear security will slow them down
  • A constant pull toward reactive firefighting instead of proactive security

At Nerdio, the baseline was already relatively mature: experienced developers, regular security training, internal and external penetration testing, and leadership that took findings seriously.

But even with that maturity, Ogaga saw a familiar risk.

Without the right tooling, teams either drown in alerts or stop trusting them entirely.

Solution: an AppSec platform that developers actually listen to

Before Aikido, Nerdio used another AppSec tool. It was expensive, noisy, and often out of date. Most findings turned out not to be real issues, which made it hard to have productive conversations with developers.

That was the breaking point.

After researching alternatives and drawing on prior experience, Ogaga introduced Aikido.

What stood out immediately wasn’t just coverage, but signal quality.

Aikido surfaced real issues in third-party libraries and SBOMs, reduced false positives, and explained findings in a way developers could understand.

“We were spending too much time on things that weren’t real issues. With Aikido, we’re working on real vulnerabilities again.”

At Nerdio, Aikido is now integrated into repositories and workflows. The team actively uses SAST and DAST, and adoption is gradually expanding toward IDE usage so issues can be caught even earlier. Cloud scanning and AI pentesting are next on the roadmap.

Ogaga is particularly fond of Aikido’s AI-driven guidance.

“I like that it tells you where the issue is and how to fix it. I won’t auto-open pull requests (developers would kill me) but the suggestions are incredibly helpful.”

Outcome: less noise, more trust, real time saved

The most noticeable impact of Aikido at Nerdio has been how quiet security work has become.

Sometimes, Ogaga has to remind herself to check in.

“Some days it’s so quiet I have to remind myself to go report on vulnerabilities.”

That quiet isn’t a lack of coverage. It’s the result of reduced noise and better prioritization.

Compared to the previous tooling, which generated hundreds of findings per scan, most of them dismissed as false positives, Aikido helps the team focus on what actually matters. Developers spend less time arguing about findings and more time fixing them.

It’s also made Ogaga’s job easier as a security leader. When developers question a finding, she can pull up clear context, code snippets, and explanations that speak their language.

The result:

  • Faster remediation
  • Fewer false positives
  • More developer trust in security tooling
  • Less time spent manually triaging findings
  • A stronger application security program overall

From a fractional CISO perspective, that matters even more.

When you’re responsible for multiple organizations at once, every hour saved compounds.

How Nerdio is expanding its use of Aikido

Already using

  • SAST and DAST, integrated into repositories and developer workflows
  • Dependency and SBOM scanning
  • Executive reporting

Planning to adopt

  • IDE integration, so issues are caught before code is pushed
  • Cloud scanning
  • AI pentesting

Summary: a tool built for security leaders with limited time

For Ogaga, Aikido isn’t just a Nerdio tool. It’s part of her fractional CISO toolkit.

She’s used and evaluated many AppSec platforms over the years. In that context, Aikido stands out for its simplicity, clarity, and developer-friendly design.

“Everything is simple. People log in and immediately understand what to do.”

It works for any company that needs to raise its security bar without building a massive security organization.

And if Ogaga had to summarize Aikido’s value in one sentence, from a fractional CISO’s perspective?

“It reduces time.”
