A Bethesda cybersecurity startup has raised $8.5 million in a seed round to help companies across industries develop more secure software for internal or external use.
Heeler Security Inc., founded by four alums of Boston cybersecurity firm Rapid7 Inc. (NASDAQ: RPD), obtained lead investment for its seed round from Palo Alto, California, investment firm Norwest Venture Partners. It also saw participation from Storm Ventures, a Menlo Park, California-based investment firm.
The new round brings the company's total funding to about $9.3 million.
CEO Chris Hertz, Chief Product Officer James Green, Chief Technology Officer Trever McKee and Chief Strategy Officer Chris DeRamus founded the company in June 2023. DeRamus and Hertz previously joined Rapid7, where they later met Green and McKee, following the $145 million acquisition of Arlington cloud management startup DivvyCloud in April 2020, a company DeRamus co-founded in 2013.
The new funds are expected to keep Heeler afloat for the next three years as the 12-person, pre-revenue company turns its focus toward growing the features of its product ahead of a commercial launch eyes for later this year.
Hertz told me during a video interview the startup's tool suite, which will be available as a licensed subscription product, looks to serve as a connector for a company's software developers and the security teams tasked with ensuring software is not prone to threats or attacks by automating some of the software development processes.
"Fundamentally, if we are on a mission, it's to allow people to write secure software," Hertz said. "Today, it's just very difficult to do that. It's very expensive. We are on a mission to say let's allow every customer of ours to write secure and resilient and ready-for-the-future-of-software that is less likely to breach and is, therefore, more likely to live up to the promise of customer trust."
He said this allows for a more unified product, since many software development teams operate in a silo from security teams. That can create fragmentation in software development, Hertz explained, which can lead to a disconnect for the security teams who might not understand the context behind why certain features are added to a software product or the types of security that might be appropriate.
For example, some pieces of software are vulnerable to attacks if connected to the internet but are otherwise safe to use. Hertz said security teams are frequently uninformed of distinctions like this when presented with software that's already been developed.
But with Heeler's tools, Hertz said developers and security experts can create software together on a platform that allows everyone to know the context behind the different parts of code that are added along the production process, a challenge Hertz described as one that's quite labor-intensive and burdensome to address.
"There's a ton of friction between security and developers because security is often seen as creating more work," Hertz said. "And if you're a developer, you're trying to build and if someone comes along and says, 'Hey, go fix this thing,' well, part of the problem is you just don't know what are you supposed to be fixing, why are you supposed to be fixing this, is it important, and most security teams don't have the context to be able to communicate this to developers," Hertz said.
