Amid rapid digital transformation, as artificial intelligence became an integral component of business processes by the end of 2024, cybersecurity issues acquired a new dimension. The increasing complexity of the threat landscape requires a transition from fragmented inspections to comprehensive protection systems covering all stages of the software development life cycle. At the center of this transformation are technological solutions that make it possible to automate security control without slowing down the release of new digital products.
The formation of modern standards of secure development is closely associated with the professional activity of Aleksandr Pinaev, whose approaches to organizing security processes have shaped the development trajectory of the Application Security (AppSec) segment over the last decade. Having begun his career in major international IT corporations, Aleksandr identified as early as 2012 the need to create a more dynamic structure capable of responding promptly to technological challenges. During that period, the cybersecurity sector demonstrated potential for faster growth than conventional software development.
The founding of Swordfish Security in 2013 became the practical embodiment of Aleksandr’s strategy to create an expert center in the field of DevSecOps, a methodology that integrates development, security, and operations into a single continuous cycle. At the initial stage of the project, the main efforts were concentrated on consulting and outsourcing services for foreign technology companies. The first major partner was the American company Venafi, specializing in the management of digital keys and certificates, with which cooperation continued for many years.
An important stage in Aleksandr’s professional biography was the implementation of an application security analysis project for the 2014 Winter Olympic Games in Sochi. Cloud-based vulnerability detection solutions were applied for this task, which at that time represented an innovative approach for the industry. The successful completion of the project confirmed the viability of a model in which automated code-scanning tools are integrated into the development process and provide regular verification of each release.
In parallel with operational management, Aleksandr developed a partnership network with global vendors of security tools. Between 2013 and 2018, the company became an official partner of such vendors as Veracode, Checkmarx, Sonatype, and Micro Focus. These alliances made it possible to accumulate international experience and introduce into the local market the most effective methods of static application security testing (SAST) and dynamic application security testing (DAST), aimed at detecting software errors and vulnerabilities.
By 2017, under Aleksandr’s leadership, the company began transforming from a service-oriented business into a product-oriented one. The decision to develop proprietary software solutions was driven by the understanding that the consulting model had certain scalability limitations. Aleksandr formulated the vision for two key products, AppSec.Hub and Stingray, intended to solve fundamental problems in the interaction between development teams and information security departments.
Aleksandr’s role in this transformation was not limited to general executive supervision. He selected the product specialization, studied the emerging security testing market and relevant industry reports, approved the product roadmap, controlled the development budget, participated in product demonstrations and presales, and supervised the protection of intellectual property rights for the company’s software products. This direct involvement allowed Swordfish Security to move from a consulting-based business model to a product-centered cybersecurity company with a clear technical concept focused on integrating security into the everyday workflow of software developers.
This concept was reflected, above all, in Aleksandr’s idea of removing the barrier between security specialists and programmers. Traditionally, security checks were perceived by developers as an obstacle, since reports in the form of hundreds of PDF pages did not provide a clear understanding of the actions required. The implemented solution made it possible to automate the transfer of identified vulnerabilities directly into developers’ task management systems, such as Jira, in the form of specific tickets that were understandable and familiar for execution.
Another technical achievement was the development of mechanisms for data correlation and deduplication. When software is checked by different scanners, duplicate or false-positive results often arise. Aleksandr initiated the creation of algorithms that group similar defects and eliminate repetitions. This reduced the amount of informational noise for engineers many times over, focusing their attention only on real problems in the code.
For Aleksandr, the preservation of the company’s financial and managerial independence remained fundamentally important. Product development was carried out using the company’s own funds generated by the service business, without attracting external investment. This approach made it possible to concentrate on building high-quality functionality and a long-term development concept, rather than adjusting to the short-term requirements of investors. As a result, by 2020, AppSec.Hub had secured its first major customer in the banking sector, which confirmed the maturity of the product.
The innovative nature of Aleksandr’s approaches was recognized at the industry level: in 2019, the company’s solutions became finalists in the Skolkovo Cybersecurity Challenge. In effect, AppSec.Hub began forming the category of systems for application security orchestration and correlation, later associated with ASOC and ASPM, even before these terms were formally consolidated by international analytical agencies such as Gartner. This allowed the company to take leading positions in the market for tools used to build secure development processes.
By 2022, the company had demonstrated substantial growth, becoming a significant player in the Russian IT sector. The transition to a product model ensured high business margins and made it possible to expand the team of specialists. Under Aleksandr’s leadership, the company successfully passed through a stage of transformation, preserving its consulting expertise while simultaneously developing a line of flagship software products that, in several segments, had no direct analogues.
A new strategic direction in Aleksandr’s activity at the end of 2024 was the integration of artificial intelligence technologies into cybersecurity processes. With the development of large language models (LLMs), the need emerged to protect AI systems themselves. Aleksandr recognized this as a factor capable of changing the market landscape and initiated the development of the AISecOps strategy. This approach implies the protection of the entire AI pipeline, including data, models, and integration layers, against specific types of attacks.
According to colleagues and partners, Aleksandr’s contribution lies in the creation of a methodological foundation for the entire industry. It was largely due to his initiatives that customer organizations began introducing standards under which security is checked not once before launch, but daily, at the stage of writing each line of code. This changed the culture of software production, turning security into a basic functional requirement rather than an optional add-on.
By the beginning of 2025, expertise in AppSec and DevSecOps had become the company’s principal asset. Aleksandr continues to supervise the stages of product development, paying particular attention to complex methods for matching vulnerabilities identified in source code with defects detected on running environments. These technical tasks remain a challenge for the global cybersecurity community, and their solution may further automate data protection processes.
Aleksandr’s activity also includes an educational and advocacy function. For many years, he acted as an ambassador for the idea of automated vulnerability detection at a time when manual audits and penetration testing still dominated the market. The gradual transition of the industry toward cloud-based analysis tools and continuous monitoring confirmed the correctness of the development vector chosen by him as early as 2013.
The professional path of Aleksandr Pinaev reflects the evolution of an entire segment of information technology. From the first outsourcing contracts to the creation of complex AI security management platforms, the company followed a path based on a clear vision of business needs. The founder’s personal involvement in key sales, architectural decisions, and strategic positioning ensured the resilience of the structure during periods of market change.
Today, the company under Aleksandr’s management functions as a center of competence where new standards of interaction between humans and technologies in the field of security are being formed. The development of Stingray and AppSec.Hub continues in line with global trends toward automation and the use of machine learning for detecting hidden defects in software systems.
The importance of such technology companies in the contemporary ecosystem lies in the creation of a trusted environment for the operation of critical digital services. The systematic approach to software protection implemented through the company’s tools enables businesses to minimize the risks of data leaks and financial losses, ensuring the reliability of IT infrastructure amid the growing complexity of modern cyber threats.
