Why would a cybersecurity company be named BirdyFoot?

My interest in cybersecurity started back in 2001 after I watched Swordfish with Hugh Jackman. Laugh if you want, I still love that movie. I had to be the hacker.

I didn’t come from much. I got kicked out of high school and had to go to work early. I ended up bartending in the St. Louis nightclub scene. Long nights, loud rooms, and constant pressure taught me how to read people, stay calm, and deliver when things got chaotic.

I landed my first tech job by talking my way into a software testing role while bartending. I had a good bartending job, maybe the best one in St. Louis, but I was ready to move on from that industry. Leaving my kids every night to bartend pushed me to find something better. I wanted them to know Dad was home when they slept. So, when I met the start-up founder, I had a plan in my head to get a job there, study, learn, code, and build relationships. That‘s what I did, and I ended up with my first tech job. During that first job, I was lucky enough to find a few great mentors along the way. I still talk to those old guys today. That was over a decade ago.

Since then, I’ve worked deep in systems and security. From OAuth flows and identity infrastructure to cloud automation, security architecture, real-time systems, incident response, and helping teams under pressure. Now I want to pay it forward.

I’ve seen what happens when good teams move fast and security and good practices start slipping through the cracks. I’ve lived it. And I’ve helped teams dig out of it. One of the moments I’ll never forget came from a client incident years ago.

When teams move fast, they lose visibility. And without visibility, there’s no real security. Only risk you haven’t seen yet.

We were running into issues with an application we were building. Users would log in, perform some actions, and then performance would drop. Eventually the app would just fold up for no clear reason. Deadlines were looming, and leadership wanted to know if we were going to make it.

As we dug in, it became clear that we lacked the visibility we needed. We couldn’t see what users were doing, what the system was doing in response, or where the failures were starting. Without that kind of insight, troubleshooting felt like guesswork. And in security, guesswork is a risk multiplier. When we met with the infrastructure lead for help, he started asking what seemed like basic questions. Who owns this service? What does it do? Who‘s using it? What kind of resources is it consuming?

I didn’t have half the answers. Neither did my team.

We had been building fast, shipping features, and chasing deadlines. But we were doing it blindly. There was no reflection on what we were running, why we built it that way, or what impact it was having.

What hit me hardest was that none of us could describe what “normal” even looked like. It was quite a humbling experience.

When teams move fast, they lose visibility. And without visibility, there’s no real security. Only risk you haven’t seen yet.

That experience, and many others like it, shaped how I think about building and securing systems. Security should not just be a list of controls or a stack of alerts.

Security should leave tracks.

Security should leave tracks. That’s where the name BirdyFoot comes from. You should be able to understand what risk you carry at any point in time. You should be able to see what’s running, who touched what, and why it matters. That kind of visibility is how teams move fast and stay safe.

This and many other realizations is what led me to start BirdyFoot.

Our first offering is BirdyFoot Systems, a consulting arm that helps scaling engineering orgs:

We work side by side with in-house teams as a trusted layer: technical, embedded, and practical.

If you’re scaling fast and wondering whether security is slipping through the cracks, let’s talk. DM me or visit birdyfoot.com