GitGuardian is helping organizations secure the modern way of building software and foster collaboration between developers, cloud operations and security teams.
In this video
Alex Rich, VP of Sales – North America, shares the details on GitGuardian and what it’s like to work there.
We discuss:
- Details on GitGuardian & what is NHI
- Typical Customers
- What brought Alex to GitGuardian
- The culture at GitGuardian
- Why now a great time to join GitGuardian
Video Transcript
GitGuardian: Non-Human Identity Security with Alex Rich
Keith Cline: Alex, thanks so much for joining us.
Alex Rich: It’s great to be here. Thank you for having me.
Keith Cline: I’m excited to talk to you because we’re going to talk about GitGuardian, which is in a space of cyber security called NHI security platform. So that was an acronym that I had to learn. So let’s break that down. What is NHI and what does GitGuardian do?
Alex Rich: Yeah. No, there are definitely no shortage of acronyms in this space. So yeah. So NHI is kind of where we’ve really pivoted to with our recent release back in April. The core of the company, and it bleeds directly into NHI security, is the secret security space.
As it stands, GitGuardian is the market leader in the secret security space. So we currently offer the only enterprise ready end-to-end secret security platform that helps companies identify and remediate exposed secrets at scale. Are you familiar with secrets or would it be helpful to take a second to explain what I’m talking about there?
Keith Cline: I think it would be helpful to go through that as well.
Alex Rich: Yeah, sure. So, you can think of secrets like the username and password equivalent for a machine that a machine is going to use to authenticate, to communicate, to execute tasks. Secrets play a key role in supporting the microservices architectures that you’re going to find in modern day applications. They play a key role in facilitating cloud environments and cloud infrastructure. And then that little thing called agentic AI that we keep talking about. They’re pretty critical to making agentic AI work. So common examples of secrets that you may be familiar with include API keys, tokens, database credentials, certificates. It’s a long list.
In terms of what we do currently, and then I’ll get into NHI governance a little bit later and sort of what makes us us, the secret sauce if you will, is GitGuardian can find your secrets regardless of what they look like. So we support the detection of over 600 different classes of secrets and we do so with unrivaled precision. We have the lowest false positive rate across the industry and our recall rates—our ability to find real secrets—is unparalleled.
We can also find your secrets regardless of where they live. So most folks when they think about exposed secrets, their heads immediately go to source code and VCS like GitHub and Bitbucket, GitLab, so on and so forth. And they’re not wrong to think that way. About 80% of exposed secrets are going to be found in code and in those systems. But the remaining 20% are actually being exposed across all the tools and platforms that developers use to communicate and collaborate across as they build software. And to make matters worse, that 20% that’s not in code, those tend to be the more higher severity secrets, the ones that pose more risk to an organization.
So we’re very cognizant of this reality. We see it all the time with customers. So we actually built a platform that can find secrets across virtually anything. Any system or place that you can think of where a secret can be exposed, we can scan it and find it. So that includes virtually any VCS. A lot of the customers we work with are large and have multiple VCS’s in place at once. So being able to go across multiple is key. Includes tools like Slack, Jira, Confluence, Service Now, Artifactory. These are becoming hot beds for exposed secrets. And on top of that, we also actually monitor public GitHub and the public domain for exposed secrets, which is becoming increasingly more important as companies continue to expose more and more secrets on public GitHub. We actually saw that number climb to 23.7 million last year, which is a 25% increase over the previous year. And as bad actors are starting to leverage public GitHub as an exfiltration vehicle for stolen data, that’s where that public GitHub monitoring comes in as well.
The third thing that I like to call out when I talk about what makes us us is in addition to finding the secrets regardless of what they look like, where they live, we’re also giving you all the information and capabilities that you need to remediate secrets in a prioritized and automated fashion at scale because we believe that detection without remediation is just noise. And when it comes to the scale of the secrets problem, that noise can be deafening. So that’s kind of us in a nutshell.
Keith Cline: So it’s a very comprehensive solution. You mentioned enterprise before. So is that the typical customer that you’re dealing with or is it even a broader range than that?
Alex Rich: Yeah, so we typically are working with organizations that have large development teams that are building and maintaining large numbers of applications. So in terms of company size, yeah, that’s typically larger enterprises. We’ve got pretty strong representation across the Fortune 500, even some Fortune 10 because again those tend to be the companies that have large dev teams and large application footprints. A little bit more about the companies we work with. When it comes to verticals, we have really strong footprints in financial services, in technology, those are probably our two biggest ones. Also quite a bit of work across healthcare, telecom, consumer, and energy. And then when it comes to location and geography, we’re working with customers from all over the world, but the lion share of our revenues at the moment are coming from North America.
Keith Cline: All right. You joined the company as VP of sales for the US. So that was earlier this year. What brought you to GitGuardian?
Alex Rich: Yeah. So, what brought me to GitGuardian was a little bit of a light bulb moment that actually kind of I think drove us to move in the NHI governance direction. But for me at least when I kind of look at today’s companies with the advent of cloud, with the mass adoption of SaaS, the perimeters that used to protect companies have essentially become obsolete. They don’t really work in this world. In a lot of respects, identity has really become the new perimeter. And when you look at identity as category and kind of bifurcate into two categories, human identities and non-human identities (NHIs), the typical ratio of NHIs to human identities right now is 100 to one. That number could grow to a thousand to one by the end of next year. To be honest, Agentic AI is going to play a big role in that. So for me, I saw GitGuardian as a way to help secure or to help tackle one of the biggest and most pressing cyber security challenges that today’s companies are facing, which is securing the new perimeter and the bigger portion of the new perimeter, which is non-human identities.
Keith Cline: Since joining the company earlier this year, like what’s what’s the culture like? What’s it like working at GitGuardian?
Alex Rich: Yeah. I know definitely another one of the things that really attracted me and has proven to be true what I thought I saw from the outside. So the first thing that really jumps out to me is this is very much so a product and customer first organization. We care deeply about the technology that we put out, the way in which we support our customers and the role we’re playing in helping customers tackle what again we see as one of the most important cyber security challenges that organizations face today. The value that our customers get from our products and teams is our true northstar. Obviously, revenue matters, too, but we’re really tight and aligned when it comes to customer satisfaction and value.
The other thing for me is the people. People care about this company more so than they do their individual teams and tasks. And there’s real buy-in for the mission. And that passion drives a real sense of pride, energy, camaraderie that really pulses through the place. You can even feel it in what’s for a lot of us here in North America a remote first environment.
And then we’re on the bleeding edge with respect to both our product but also the way in which we do our work. This is very much so an AI first shop. If you’re not doing it with an agent or using an agent to do a big part of it, whatever it is, you’re probably doing something wrong. And there’s going to be multiple people here to show you the right way of doing it. And I personally have just changed so much of how I do my work here as a result of it. And it’s one of the things I really value here. What else can I tell you? We’re competitive. No one’s okay with finishing second. We work hard and we challenge each other. We celebrate our wins and we really do make it a point to do postmortems and learn from our mistakes. And yeah, once in a while we have a little bit of fun and the fun is more fun when you sprinkle in the international element. We’ve got people from everywhere here. I regularly have that Google Translate app up.
Keith Cline: All right. So, top tier talent regardless of market conditions, they always have opportunities in front of them. So, why is now the ideal time to join GitGuardian?
Alex Rich: Yeah. I mean, look, I think again, not to be repetitive, but I really do believe we’re solving one of the most important cyber security challenges of our time with really smart people and impressive tech in a culture that promotes meritocracy and collaboration. I mean that’s a special opportunity and I think we’re in a very ideal position to go win that market. So, you know if that’s something that interests you, which I think it’ll probably interest a lot of people, that’s reason. The growth here is very real both in terms of the company and the individuals who work here. Financial upside is also meaningful and I guarantee that you’ll get better during your time here if you manage to join us. The work we’re doing has a serious positive impact for companies. For the right candidate, that should matter. And, you know, like I said, the energy in the room is pretty special. I truly do look forward to doing this job every day. And I’m pretty sure my colleagues feel the same way.
Keith Cline: Well, if you are interested in exploring opportunities at GitGuardian, you need to go to their company page on VentureFizz, which has all their job listings there. Go to venturefizz.com/getguardian and you’ll find all their listings. Alex, thanks so much for taking the time to walk us through all the details on the company.
Alex Rich: It was my pleasure. Looking forward to future conversations.
