CircleCI is a continuous integration and delivery platform for teams looking to shorten the distance between idea and delivery. Founded in 2012. Series F, $315M in funding, with their last round on May 11, 2021 for $100M. Today we are talking with Tad, Engineering Manager, Security at CircleCI.
I was the first security engineer at CircleCI when the company was around 50 people (today 500). I wrote all the security policies, helped out with IT support, and was the catch-all for anything security related. I helped CircleCI through the FedRAMP and SOC 2 certifications. We were one of the first Pima users; it's been a bit more than a year now.
We can have the NDA signed in less than 10 seconds.
CircleCI is a critical security vendor for a very large number of companies, especially with our Cloud offering. Trust is baked into our security and every customer deal.
Early on, people had to take our word for things (like security policies and pentesting). We had to fill out so many security questionnaires just to build trust for every single deal. It does not scale.
One of the things that our CTO (Rob Zuber) said was to make every decision through the lens of the SOC 2 standard since every customer is asking for it.
FedRAMP was the first program we went through, but right away one of the first problems we had was that we were sending out a 180-page Word document about our business that we certainly didn't want to end up on a public forum like Twitter. So, we wanted prospects to sign an NDA, and we were watermarking every copy of our report.
However, there are really only so many times you can watermark documents before you start to think your time might be better used. On top of that, every prospect had to wait on them to watermark a document. Then there was the Docusign part, where we had to chase prospects to sign NDAs.
Then SOC 2 arrived, and we wanted to streamline the process, so that's when we decided to start using Pima.
We had a collection of tools: Zendesk, Docusign, Adobe, Dropbox.
The original request came through Zendesk. We then needed to send an NDA with Docusign and get the correct people with signing authority on both ends, which often wasn’t the requester. After it was signed, it needed to be uploaded in Dropbox. We would send the watermarked report and send it back through Zendesk. It was a lot.
We would still be spending tons of hours on the problem (watermarking, etc.) and the result would not be satisfactory. I always felt like I was doing a poor job responding to customers even when I couldn’t possibly do a better job with the tools.
The whole process is seamless now. If you are a customer success manager overseeing an important account that needs a SOC 2 report, you can get it to the customer in less than 10 seconds. Pima saves us so much time. Plus, it totally eliminates the toil for us internally. I dealt with the pain, and once we rolled out Pima this was not an issue anymore.
When I think of the people that save time thanks to Pima, a quarter of the company benefits from the tool in one way or another.
The best thing about it is how much time it saves the whole team. The NDA part is really helpful. Now that CircleCI is bigger, we can have the NDA signed in less than 10 seconds.