Why We Hack Purple and I are joining Semgrep

Why I'm choosing Semgrep, and what the future will hold for the AppSec Community.

When I started We Hack Purple, I wanted to change our industry. I wanted knowledge about application security to be a lot easier to find, and for there to be WAY more AppSec professionals. I wanted there to be a clear path into our field, and I wanted to make it easier for everyone to make secure software. I wanted it to be easier than when I followed this path, for every person coming after me. Since that fateful day in February 2020 where I announced I was starting a low-cost AppSec training company, we have graduated hundreds of new AppSec pros, secure coders, Azure Security nerds, and more into our industry. We also built a beautiful community of over 8,000 people, who help each other learn, problem solve, and grow. I cannot tell you how proud I am of the work my team and I have done; I feel like we have truly helped people.

Fast forward a few years…Once I understood how to run a company, get contracts, pay people, and do all the business stuff, I realized that I had a choice to make: take venture capital funding and go big, or continue to bootstrap (but help fewer people). I struggled over this, and so did my team. We decided to stay small , and give more personalized service, focusing on community and other projects close to my heart (such as supporting other amazing communities like The Diana Initiative, Ladies Cyberjutsu, and Day of Shecurity). Even if it was limiting at times, this meant we were always proud of our work. 

Then one day I was talking to my friend Clint Gibler, and he had an idea…What if We Hack Purple merged with a company that loved building community as much as I did? What if I didn’t need to charge money for my training, so I could give it freely to everyone? And what if that company happened to make truly innovative AppSec tools that I was already working with regularly for my clients? At first I thought it sounded a bit too good to be true… then Clint made some introductions!

At this point I was already familiar with, and quite impressed by, Semgrep’s offerings. Besides Clint bragging to me about all the cool stuff he did at work, I saw it in action with my community members talking about it and after helping several of my consulting clients switch from what I call “first gen SAST” over to Semgrep. You should hear their comments: “The devs don’t hate us anymore!” Anyway, once I had the chance to speak to more people inside of Semgrep, and learn about their values (open source, community, education, making SAST go FAST!), I felt like if we worked together that we could create something truly special.

With this in mind, We Hack Purple and I are merging into Semgrep!!!!! 

If you are part of WHP Community, Academy, or an enterprise client, do not worry! All Academy students will have a year to finish their courses, and yes I will still be personally answering your questions. :-D  The WHP community is slowly going to merge with the Semgrep community, with way more events, content, FREE training, and more! Now that I won’t have to be responsible for running an entire company by myself (Thanks Semgrep!). As Semgrep’s new Head of Community & Education, I can focus my entire attention on creating and delivering more education, to more people, than I ever thought possible. We also want to grow the community into the largest and most friendly secure coding community possible! And I want all of you to be a part of it with me.

Stay tuned for events, content, training and more! In fact, why not start with joining the Semgrep newsletter, to ensure you don’t miss a thing? I’m going to start writing for their blog and running events, and you will see all my activities, and more, by signing up now! Seriously, this is going to be so much fun!

Thanks for reading my exciting news! <3 

Read more here:


Semgrep Logo

Semgrep lets security teams partner with developers and shift left organically, without introducing friction. Semgrep gives security teams confidence that they are only surfacing true, actionable issues to developers, and makes it easy for developers to fix these issues in their existing environments.

Find and fix the issues that matter before build time

Semgrep helps organizations shift left without the developer productivity tax.

Get started in minutesBook a demo