CUSTOMER STORIES | GUMTREE

GumTree: Empowering Distributed Security with Limited Resources

Empowering Distributed Security with Limited Resources

GumTree-LOGO

Organization Size

  • 80 developers

  • 1 security professional

Industry

Online Classifieds Platform

Region

AUSTRALIA

The Challenge

Les Nagy faced a common but daunting scenario: as the sole security professional at Gumtree, he needed to implement application security across 80 developers in a distributed security model. The organization needed structure and measurement capabilities without the bandwidth to create custom training from scratch. With multiple teams at varying maturity levels, they required a scalable solution that could empower developers to own security rather than rely on a non-existent dedicated AppSec team.

The Solution

Gumtree implemented SafeStack's development training and Horizon products, focusing on:

  • Out-of-the-box training content with built-in measurement

  • Security Champions program to distribute security ownership

  • Easy-to-consume format accessible to all team members

  • Simple SSO integration (completed in 30 minutes)

Implementation Approach

Les kept the implementation deliberately simple, creating a flat organizational structure within the platform. The Security Champions program became operational quickly, with monthly meetings to review wins, allocate tasks, and uplift security maturity. The focus was on baseline training initially, targeting junior developers who benefited most from foundational content.

The platform really is just out of the box and it helps organizations get going. The crawl, walk and run concept is perfect for us."

Leslie Nagy
Head of Cybersecurity

Result & Impact

Cultural Transformation:

  • Security shifted from being seen negatively to being discussed "way more often"

  • Developers volunteered for the Security Champions program

  • Security became part of regular team conversations

Operational Success:

  • Monthly Security Champions meetings established

  • Maturity measurement framework in place

  • Progressive task allocation for security uplift

Key Insight: "The platform really is just out of the box and it helps organizations get going. The crawl, walk and run concept is perfect for us." -  Les Nagy, Head of Cybersecurity

Lesson Learned:

One-size-fits-all training worked well for entry-level but could be enhanced with multiple maturity tracks

  • The Security Champions program wouldn't have succeeded without the familiarization and training SafeStack enabled

  • For organizations with limited security resources, the platform's usability and approachability was crucial for developer adoption

Ready to scale security across your development team?

See how SafeStack can help you build a Security Champions program and empower developers to own security—even with limited resources.

Book a Demo