Stack Overflow Expedites Security Questionnaires, Enabling Business Growth

Stack Overflow is a leading online community for developers, providing a platform for asking and answering technical questions. Founded in 2008, it has grown into a comprehensive resource with a vast repository of knowledge across various programming languages and technologies. Stack Overflow for Teams is a private, secure platform that empowers internal knowledge sharing and collaboration. Developers can find everything they need to know, all in one tool, allowing teams to efficiently find answers to their questions and share information. With millions of active users and a reputation system based on contributions, Stack Overflow fosters collaboration and knowledge sharing within the global developer community.

Stack Overflow joined forces with SecurityPal to accelerate the security review cycle, automating security questionnaires and enhancing turnaround time while streamlining knowledge management. This strategic alliance has had a transformative impact, freeing up valuable time for the Sales and InfoSec teams. They can now devote their energy to vital tasks such as supporting existing customers, closing deals, and advancing the organization's security posture, thus driving the company's growth trajectory forward.

The Challenge: Streamlining Knowledge Management for Security Reviews

With a lean Sales Engineering team, Stack Overflow was challenged with completing security questionnaires efficiently. Not only are questionnaires lengthy, requiring significant time to complete, but the questions varied and are often nuanced with different wording or tone, making it difficult to deliver appropriately scoped responses. 

At the time, the Sales Engineering team aimed to complete 50-70% of each questionnaire before passing it off to the Information Security (InfoSec) team to complete more complicated questions that fell outside of the realm of the Sales Engineers’ general product knowledge. 

"We had several new Sales Engineers at the time,” Jason Leach, Sr. Strategic Sales Engineer says. “Each questionnaire is assigned to a Sales Engineer, but it was taking a considerable amount of time to complete the first pass before it was ready for the InfoSec team. Even when questionnaires were complete, we were not always 100% confident in our answers."

The InfoSec team not only completed each questionnaire, sometimes requiring them to consult other teams for accurate responses, but would also review the entire questionnaire for accuracy. Both the Sales Engineering and Infosec teams have a wide scope of roles and responsibilities. Because security questionnaires are time sensitive, they often took priority, forcing the teams to reprioritize against other work that was vital to their success and growth. 

As questionnaires become more complex and in-depth, they require extensive internal documentation. Consequently, the InfoSec team began organically building a knowledge library to assist with answering security questionnaires, bringing together documents from Sales, Infosec, Legal, and Product teams. However, ensuring this library stayed updated with the latest insights from various departments required substantial clerical efforts. This administrative burden hindered the InfoSec team's ability to advance the overall security posture of the company.

“We needed a single source of truth, where the latest information from every team could be stored and updated, with access controls for secure storage,” Lou Manglass, Director of Information Security, says. “Building our own knowledge library was a good start, but it required tons of clerical work to maintain.”

‍

Stack Overflow sought a comprehensive solution that would automate knowledge management under a single, constantly updated repository, expedite security questionnaires, and facilitate collaboration between teams, with a particular focus on enhancing synergy between InfoSec and Sales Engineering.

The Solution: Automating Security Questionnaires with SecurityPal

The Stack Overflow team knew they needed a solution that could expedite their security review process with laser-sharp accuracy, with a constantly updated information library and an easy-to-use platform for cross-team collaboration. In their search, they reviewed several tools that rolled security questionnaires into a larger RFP platform. However, Stack Overflow rarely received RFPs or RFIs due to the nature of their business. They wanted a solution that focused on security questionnaires, without having to purchase an unnecessary RFP platform. 

Stack Overflow uses SecurityPal Questionnaire Concierge, which leverages both AI technology and expert security analysts, to expedite security reviews. It used to take Stack Overflow hours to answer lengthy security questionnaires. Now, SecurityPal completes 90.6% of each questionnaire before it reaches the Sales Engineering team — a 20% increase from their internal completion goal before working with SecurityPal. Not only are reviews faster with SecurityPal — with an average turnaround time of 2.3 days — but the answers are consistently accurate, pulling from the most up-to-date information. 

“It used to take us several hours of work to provide InfoSec a 50-70% completed questionnaire with uncertain accuracy,” Leach says. “Now, it takes minutes of work to provide InfoSec a 90% (or more) completed questionnaire with extremely high accuracy. By removing this time-consuming process from my plate, my work life has significantly improved — I’m happier and more productive”

After nearly completed questionnaires are reviewed by the Sales team, they are sent to InfoSec. Before partnering with SecurityPal, the InfoSec team spent a significant portion of their time backfilling security answers, updating the knowledge library, and reviewing questionnaires for accuracy. Now, the InfoSec team manages the SecurityPal Knowledge Library, which has reduced the amount of time required by the InfoSec team to review and confirm answers. New answers are automatically added to the Knowledge Library, without any clerical work from the InfoSec team. 

“One of the best parts about working with SecurityPal is how well integrated they are with our teams,” Manglass reflects. “The team at SecurityPal isn't just providing a service, they're helping us continually improve our processes, making us faster and more efficient. They've responded in an agile fashion to several small change requests, smoothing out rough edges. Our workflow keeps improving thanks to their partnership.”

This feedback underscores the impact of SecurityPal’s responsiveness and flexibility. Our customers not only benefit from the efficiency and accuracy of our solution, but also are empowered to offer feedback that results in collaborative iterations to align with their existing workflows.

The Impact: Freeing Up Time for Business-Critical Responsibilities 

Before partnering with SecurityPal, Stack Overflow was bogged down by a backlog of security questionnaires and administrative work to maintain their knowledge library. The Sales team struggled to complete security questionnaires at a pace that would support business growth, while the InfoSec team was pouring hours into clerical work to maintain their knowledge library. 

With SecurityPal, Stack Overflow’s Sales team has established an expedited SLA of two business days for reviews, reducing hours of work into mere minutes. New streamlined processes have allowed the Sales Engineering team to focus on supporting existing customers for renewals and pursuing new opportunities. 

“Security questionnaires used to consume a disproportionate amount of time for our team,” Leach explains, “but now we are able to focus on our primary job, which is supporting existing customers and closing new deals.” 

Key Success Metrics

Stack Overflow has discovered a crucial ally in SecurityPal, proving essential in expediting the security review process while upholding the utmost precision and compliance standards required in today's digital realm. This partnership has not only streamlined operational workflows for Stack Overflow's Sales Engineering and InfoSec teams but also provided them with the freedom to focus on critical responsibilities that fuel business growth.

For further information on how SecurityPal can enhance your security questionnaire process with increased efficiency and accuracy, contact us today.

‍