Lessons from Hagerty: Scaling AppSec Without Becoming the Bottleneck
Blog post from StackHawk
Hagerty scaled the security tool StackHawk across more than 40 developer teams within two quarters by emphasizing project management and coordination over technical challenges. Led by John Mercer, a DevOps Security Engineer, the rollout focused on gaining leadership and developer buy-in, leveraging existing goodwill between Security and Engineering, and using strong project management to prioritize and integrate StackHawk into development cycles. By establishing repeatable patterns and clearly communicating the tool's value, particularly its ability to simulate real-world attacks without causing pipeline bottlenecks, Hagerty managed to operationalize application security effectively. The approach highlights the importance of distributed ownership and clear communication in scaling application security. It demonstrates that, with the right strategy, tools like StackHawk can be integrated smoothly across large teams without security becoming a development bottleneck.