Fixing vulnerabilities in under a minute: How Simployer streamlined security with Aikido

“The speed to resolution is incredible. We’ve fixed issues in under a minute. Aikido creates the pull request, tests pass, and it’s done.”

Said Barati
Tech Lead

Website: https://www.simployer.com/
Founded: 1985
Industry: HRTech
Headquarters: Sarpsborg, Norway
1M+ users
12,000 customers
1 AppSec product

In the HR tech industry, where handling sensitive employee and organizational data is core to the product, Simployer has made security a pillar of its development process. Based in the Nordics and serving over 12,000 companies and a million users, Simployer’s platform helps businesses streamline HR operations, from legal compliance to employee engagement.

To maintain the pace of innovation while staying secure and compliant, Simployer turned to Aikido.

Security as a shared responsibility

For Simployer, security starts at the core of how teams operate. Peder Nordvaller, CTO at Simployer, describes it simply:
“Security plays a huge role in what we do. We handle personal data that’s not just private—it’s critical to our customers’ business operations.”

Across Simployer’s engineering org, security isn’t siloed. Instead, it’s integrated into each team’s daily development cycle. From infrastructure to frontend and backend teams, everyone shares ownership of keeping systems secure.

Said, Tech Lead at Simployer, puts it this way: “Each team owns their space. That includes the security of the things they build.”

But while this culture is strong, it still required the right tooling to support it, especially as the company scaled.

The Challenge: growing fast without losing control

As Simployer rapidly scaled its development, its teams faced a challenge: how to keep their security posture strong without slowing innovation.

“We’re investing heavily into product development,” Peder explains. “We needed to make sure our security approach could keep up with our growth.”

Simployer had tried several tools to help with code and infrastructure scanning, everything from Snyk to GitLab’s built-in solutions. But most platforms created more problems than they solved:

  • High noise levels and unclear priorities
  • Manual triage that drained developer time
  • Low adoption due to clunky UX

Said elaborates: “There was a lot of noise, and you’d spend time digging into issues that didn’t matter. It just wasn’t clear what to focus on.”

For a company with multiple development teams working in parallel, this fragmentation was unsustainable.

Why Simployer chose Aikido

The team began searching for a solution that could provide clarity, speed, and seamless integration into existing workflows. That’s when they found Aikido.

“The first thing we noticed was how intuitive the UI was,” Said recalls.
“You get in, see the vulnerabilities that matter, and fix them fast.”

Aikido immediately helped reduce the cognitive load on developers by grouping and prioritizing vulnerabilities, and providing actionable fixes. The tool integrated directly into Simployer’s CI/CD pipeline and existing workflows, making adoption frictionless.

Two things stood out:

  • Smart prioritization: “You know exactly what to look at, and what’s actually critical.”
  • Auto-Fix: “If it can be fixed automatically, it just is. That’s a game-changer.”

Said adds, “The speed to resolution is incredible. We’ve fixed issues in under a minute. Aikido creates the pull request, tests pass, and it’s done.”

Making security part of the dev flow

One of the biggest wins for Simployer was how naturally Aikido became part of the developer experience.

“It changed the way we handle security,” Peder shares. “Now, we treat security like any other task in our day-to-day work.”

By embedding security into existing tools and giving teams actionable insights, Aikido helped eliminate the back-and-forth between developers and security teams. That meant less context-switching—and more secure code, faster.

Aikido’s coverage across Simployer’s full tech stack—from application code to IaC and open-source dependencies—also allowed the team to get a complete picture of their security posture from a single dashboard.

Looking ahead: scaling with confidence

With Aikido, Simployer has laid the foundation for a security-first development culture that won’t slow down their momentum.

  • Developers now fix vulnerabilities in minutes, not days
  • Security is embedded in the development lifecycle, not tacked on later
  • Teams have visibility across the full stack, from code to cloud
  • Manual triage is reduced, and fixes are often automatic

“It’s easier to do the right thing when the tooling supports you,” Said reflects. “And when it’s that easy, developers actually do it.”

“With Aikido, security is just part of the way we work now. It’s fast, integrated, and actually helpful for developers.”
— Peder Nordvaller, CTO at Simployer
