
Hey Marcus! Could you tell us a bit about yourself and what TechDivision does?
Sure! I’m a Senior Security Engineer at TechDivision, where I also lead our cybersecurity community of practice. I’m responsible for securing the development lifecycle across all engineering teams.
As for TechDivision: we started out as a classic e-commerce agency but have grown into what we call a digital enabler. That means we’re not just launching shops, we’re integrating data sources, building marketing strategies, and guiding our clients through their entire digital transformation. Today, we’re around 140 people strong, with about half of the team working in engineering.
So, how does security fit into that picture?
In a word: foundational. For us, security is about two things: stability and trust. When we’re building digital strategies or integrated platforms, we want to be confident that the foundations are solid. And we want our clients to trust that we’re doing everything possible to keep their data safe.
It also gives us the insights we need to make educated decisions. For example, if we want to roll out a centralized authentication platform, we need to understand the risks first. That’s what good security provides. Context and clarity.
Was there a specific moment when you realized, “We need to take security more seriously”?
Yes, a key turning point came in early 2022 during the TrojanOrders attacks targeting Adobe Commerce (and Magento) installations. While TechDivision’s clients weren’t affected (thanks to same-week patch deployment), the incident significantly increased awareness around the urgency of timely security updates. It also led to a shift in how both internal stakeholders and clients approached security patches. Before, some customers pushed back important security updates for months.
Later, the 2024 CosmicSting vulnerability helped reinforce the effectiveness of our improved processes, confirming that our proactive approach was working as intended.
What was security like before Aikido?
Honestly? A bit chaotic. I had eight security champions across different engineering teams. Whenever something like a new CVE popped up, I had to reach out to each of them to check if their repos were affected. It was time-consuming and hard to manage.
We even started building our own internal tool to track vulnerabilities, but eventually decided it made more sense to use a dedicated solution. We tried a few others before landing on Aikido.
What made you start looking for something new?
A mix of things. Pricing was one trigger: our previous tool, the one with the dog logo, barked a lot but didn’t deliver. They raised prices significantly, and it didn’t feel justified based on the value we were getting. On top of that, we had technical limitations. Our infrastructure is fairly non-standard, so we couldn’t get the level of integration we needed.
There were product issues too. Their IDE plugin kept crashing on larger repos, and we were drowning in false positives. It got to a point where our developers weren’t even using the tool anymore.
And then you found Aikido?
Yes! What stood out to us was that it felt like it was built by developers, for developers. The onboarding experience was smooth, support was responsive, and the workflows just made sense.
One thing I really appreciate is the noise reduction. Aikido’s approach, especially with its reachability analysis, helps us filter out irrelevant findings, like secrets in test files or inactive dependencies, so we can focus on real, exploitable issues. That level of precision has made a noticeable difference in how efficiently we can triage vulnerabilities.
Has Aikido changed the way you work with clients?
It hasn’t changed our service offering per se, but it’s definitely increased the value we deliver. We can now get more security work done in less time, which benefits our clients directly.
We also have a baseline security package that we include in projects, and having Aikido in place strengthens that package quite a bit.
What’s your favorite feature?
That’s easy: the ability to search for dependencies across multiple workspaces. It’s been a game-changer when triaging issues across engineering teams. I’m also excited to test out some of the newer features like AI AutoFix and VM scanning. They could easily become new favorites.
How has your experience been working with the Aikido team?
Honestly, fantastic. When we hit an issue with the authentication flow, it was fixed within a week. That kind of responsiveness is rare.
There’s a real openness in communication, especially in the shared Slack channel. You can tell the team genuinely cares and is building a better product every day. It’s refreshing.
Final thoughts?
If you’re a company that wants to take security seriously without adding friction to your dev teams, Aikido is a no-brainer. It’s efficient, thoughtful, and developer-friendly. It’s helping us build trust. Not just with our clients, but with ourselves too.