| Tool | Accuracy of Findings | Detects Non-Pattern-Based Issues? | Coverage of SAST Findings | Speed of Scanning | Usability & Dev Experience |
|---|---|---|---|---|---|
| DryRun Security | Very high – caught multiple critical issues missed by others | Yes – context-based analysis, logic flaws & SSRF | Broad coverage of standard vulns, logic flaws, and extendable | Near real-time PR feedback | |
| Snyk Code | High on well-known patterns (SQLi, XSS), but misses other categories | Limited – AI-based, focuses on recognized vulnerabilities | Good coverage of standard vulns; may miss SSRF or advanced auth logic issues | Fast, often near PR speed | Decent GitHub integration, but rules are a black box |
| GitHub Advanced Security (CodeQL) | Very high precision for known queries, low false positives | Partial – strong dataflow for known issues, needs custom queries | Good for SQLi and XSS, but logic flaws require advanced CodeQL experience | Moderate to slow (GitHub Action based) | Requires CodeQL expertise for custom logic |
| Semgrep | Medium, but there is a good community for adding rules | Primarily pattern-based with limited dataflow | Decent coverage with the right rules; can still miss advanced logic or SSRF | Fast scans | Has custom rules, but dev teams must maintain them |
| SonarQube | Low – misses serious issues in our testing | Limited – mostly pattern-based, code quality oriented | Basic coverage for standard vulns; many hotspots require manual review | Moderate, usually in CI | Dashboard-based approach, can pass “quality gate” despite real vulns |
Vulnerability-class matrix (columns: Snyk (partial), GitHub (CodeQL) (partial), Semgrep, SonarQube, DryRun Security; rows: SQL Injection, Cross-Site Scripting (XSS), SSRF, Auth Flaw / IDOR, User Enumeration, Hardcoded Token). The per-tool detection marks in this table did not survive extraction.
| Tool | Accuracy of Findings | Detects Non-Pattern-Based Issues? | Coverage of C# Vulnerabilities | Scan Speed | Developer Experience |
|---|---|---|---|---|---|
| DryRun Security | Very high – caught all critical flaws missed by others | Yes – context-based analysis finds logic errors, auth flaws, etc. | Broad coverage of OWASP Top 10 vulns plus business logic issues | Near real-time (PR comment within seconds) | Clear single PR comment with detailed insights; no config or custom scripts needed |
| Snyk Code | High on known patterns (SQLi, XSS), but misses logic/flow bugs | Limited – focuses on recognizable vulnerability patterns | Good for standard vulns; may miss SSRF or auth logic issues | Fast (integrates into PR checks) | Decent GitHub integration, but rules are a black box (no easy customization) |
| GitHub Advanced Security (CodeQL) | Low – missed everything except SQL Injection | Mostly pattern-based | Low – only discovered SQL Injection | Slowest of all, but finished in 1 minute | Concise annotation with a suggested fix and optional auto-remediation |
| Semgrep | Medium – finds common issues with community rules, some misses | Primarily pattern-based, limited data flow analysis | Decent coverage with the right rules; misses advanced logic flaws | Very fast (runs as lightweight CI) | Custom rules possible, but require maintenance and security expertise |
| SonarQube | Low – missed serious issues in our testing | Mostly pattern-based (code quality focus) | Basic coverage for known vulns; many issues flagged as “hotspots” require manual review | Moderate (runs in CI/CD pipeline) | Results in dashboard; risk of false sense of security if quality gate passes despite vulnerabilities |
Vulnerability-class matrix (columns: Snyk Code, GitHub Advanced Security (CodeQL), Semgrep, SonarQube, DryRun Security; rows: SQL Injection (SQLi), Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), Auth Logic/IDOR, User Enumeration, Hardcoded Credentials). The per-tool detection marks in this table did not survive extraction.
Five-vulnerability test set (per-row detection marks did not survive extraction):

1. Remote Code Execution via Unsafe Deserialization
2. Code Injection via eval() Usage
3. SQL Injection in a Raw Database Query
4. Weak Encryption (AES ECB Mode)
5. Broken Access Control / Logic Flaw in Authentication

| | DryRun Security | Semgrep | GitHub CodeQL | SonarQube | Snyk Code |
|---|---|---|---|---|---|
| Total Found | 5/5 | 3/5 | 1/5 | 1/5 | 0/5 |
Vulnerability matrix (columns: DryRun Security, Snyk, CodeQL, SonarQube, Semgrep; rows: Server-Side Request Forgery (SSRF), Cross-Site Scripting (XSS), SQL Injection (SQLi), IDOR / Broken Access Control, Invalid Token Validation Logic, Broken Email Verification Logic). The per-tool marks did not survive extraction; the SSRF row carries a “(Hotspot)” annotation for one of the tools.
| Dimension | Why It Matters |
|---|---|
| Surface | Entry points & data sources highlight tainted flows early. |
| Language | Code idioms reveal hidden sinks and framework quirks. |
| Intent | What is the purpose of the code being changed/added? |
| Design | Robustness and resilience of the changing code. |
| Environment | Libraries, build flags, infrastructure metadata and infrastructure as code (IaC) all give clues about the risks of changing code. |
| KPI | Pattern-Based SAST | DryRun CSA |
|---|---|---|
| Mean Time to Regex | 3–8 hrs per noisy finding set | Not required |
| Mean Time to Context | N/A | < 1 min |
| False-Positive Rate | 50–85 % | < 5 % |
| Logic-Flaw Detection | < 5 % | 90%+ |
| | Finding 1 | Finding 2 |
|---|---|---|
| Severity | Critical | High |
| Location | utils/authorization.py :L118 | utils/authorization.py :L49 & L82 & L164 |
| Issue | JWT Algorithm Confusion Attack: jwt.decode() selects the algorithm from unverified JWT headers. | Insecure OIDC Endpoint Communication: urllib.request.urlopen called without explicit TLS/CA handling. |
| Impact | Complete auth bypass (switch RS256→HS256, forge tokens with public key as HMAC secret). | Susceptible to MITM if default SSL behavior is weakened or cert store compromised. |
| Remediation | Replace the dynamic algorithm selection with a fixed, expected algorithm list. Change line 118 from algorithms=[unverified_header.get('alg', 'RS256')] to algorithms=['RS256'] to only accept RS256 tokens. Add algorithm validation before token verification to ensure the header algorithm matches expected values. | Create a secure SSL context using ssl.create_default_context() with proper certificate verification. Configure explicit timeout values for all HTTP requests to prevent hanging connections. Add explicit SSL/TLS configuration by creating an HTTPSHandler with the secure SSL context. Implement proper error handling specifically for SSL certificate validation failures. |
| Key Insight | This vulnerability arises from trusting an unverified portion of the JWT to determine the verification method itself. | This vulnerability stems from a lack of explicit secure communication practices, leaving the application reliant on potentially weak default behaviors. |
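Both remediations above, written out as an added standard-library example (not DryRun Security's code and not the scanned project's utils/authorization.py): a fixed-algorithm check that runs before any JWT signature verification, and an explicit TLS context with a timeout and distinct certificate-failure handling for the OIDC request. The `unsigned_token` helper and the discovery URL are constructed assumptions for illustration.

```python
import base64
import json
import ssl
import urllib.error
import urllib.request

# Constructed example: neither DryRun Security's nor the scanned project's code.
EXPECTED_ALGORITHMS = ("RS256",)  # fixed allowlist; never derived from the token


def _b64url_decode(segment: str) -> bytes:
    # JWT segments omit base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def check_algorithm(token: str, allowed=EXPECTED_ALGORITHMS) -> str:
    """Reject a token whose unverified header 'alg' is not in the fixed allowlist.

    Call before jwt.decode(token, key, algorithms=list(allowed)), passing the
    same fixed list, so the attacker-controlled header never picks the verifier.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT: expected three dot-separated segments")
    alg = str(json.loads(_b64url_decode(parts[0])).get("alg", ""))
    if alg not in allowed:
        raise ValueError(f"unexpected JWT alg {alg!r}; allowed: {list(allowed)}")
    return alg


def unsigned_token(alg: str) -> str:
    """Constructed header.payload.signature string for tests; not actually signed."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": alg, "typ": "JWT"}), enc({"sub": "user-1"}), "sig"])


def make_tls_context() -> ssl.SSLContext:
    """Explicit TLS settings: CA verification, hostname check, TLS 1.2 minimum."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def fetch_json(url: str, timeout: float = 5.0) -> dict:
    """GET a JSON document (e.g. OIDC discovery) over verified TLS with a timeout."""
    opener = urllib.request.build_opener(urllib.request.HTTPSHandler(context=make_tls_context()))
    try:
        with opener.open(url, timeout=timeout) as resp:
            return json.loads(resp.read())
    except urllib.error.URLError as exc:
        if isinstance(exc.reason, ssl.SSLCertVerificationError):
            # Fail closed and name the cause; never retry with verification disabled.
            raise RuntimeError(f"certificate validation failed for {url}: {exc.reason}") from exc
        raise
```

`fetch_json("https://issuer.example/.well-known/openid-configuration")` is the intended call shape; the example host is a placeholder.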
DryRun Security News
February 17, 2026

Welcoming Andrew Peterson to the DryRun Security Board

DryRun Security welcomes Andrew Peterson to its board, bringing proven category-defining leadership and a culture of meaningful progress to help guide the company through the AI-driven transformation of application security.

A blog from James Wickett, Co-founder and CEO of DryRun Security.

In 2014, I joined Signal Sciences as part of the early engineering team. It was an incredibly exciting time for me as it felt less like joining a company and more like attempting an overhaul of the appsec industry. As the team worked remote and gathered every few months in Andrew's apartment in the early days, we were trying to reconcile two startup realities: the blank canvas of what the product could be and the existential risks that come with being a small team.

During that season, Andrew would regularly tell the team, “Make meaningful progress today.” It was a simple phrase, but it carried weight. Startups are overwhelming by nature. Andrew’s framing was not about heroic sprints or dramatic pivots. It was about the steady, daily advancement of meaningful progress. That rhythm shaped how we worked at Signal Sciences, and in many ways it has shaped how we build at DryRun Security.

I didn’t know Andrew particularly well before joining Signal Sciences, but I knew the other co-founders, Nick Galbreath and Zane Lackey, from industry events like DevOps Days, AppSecUSA, and through an intro from the now-infamous Gene Kim. Over time, as I got to know Andrew, I came to appreciate something that is far rarer than it should be in leadership: he leads through relationship. I was a remote employee for all of my time there, and whenever I flew in for company meetings, Andrew would find time to take a walk with me to check in and ask how I was really doing.

A candid photo of Andrew leading a Signal Sciences meeting in 2016. Photo credit: me.

What struck me most was that this did not change as the company grew. As fundraising intensified, as the sales organization expanded, as the product matured, Andrew grew as a leader, yet he did not outgrow his proximity to the team. 

There are also aspects of company-building that employees do not fully see until they attempt it themselves. When I began to consider founding DryRun Security, Andrew was one of the first people I called. He was candid about the pressures founders carry and the tradeoffs that rarely make it into company lore. We also talked about the weight of the responsibility, and his transparency was invaluable. In DryRun’s earliest months, when we were wrestling with the inevitable doubts that surface when something is still new, Andrew coached me through it.

Beyond leadership and resilience, Andrew also shaped culture in ways that are easy to overlook in hindsight. From early on, Signal Sciences embraced a design-forward mindset. We invested in design talent earlier than many security companies would have. Security didn’t have to look like legacy software. It could feel modern and intentional, and that design-first orientation communicated confidence to customers long before we had scale.

Culture, however, was not confined to our product. When the team gathered, we did not simply book conference rooms and move through agendas. We always took one evening to cook together. In Andrew’s apartment or in rented Airbnbs during offsites, we would prepare meals as a team. It felt less like coworkers performing team-building exercises and more like a family sharing a table. Those evenings built trust in ways that formal planning sessions never could. (Also, because I hail from the great state of Texas, I was always charged with preparing the meat, a task that got harder and harder to scale as we grew!)

When I started DryRun Security with Ken Johnson, I carried those lessons with me. The commitment to make meaningful progress each day. The importance of thoughtful design. The conviction that serious customers sharpen you. From the beginning, we pursued customers who would push us to be better. We engaged organizations like BigCommerce, Gusto, Tines, and more because they represent the kind of partners who demand excellence. That discipline, I believe, traces back to what I observed at Signal Sciences: credibility is earned through real adoption.

Andrew’s appointment to the DryRun Security board comes at a moment when the industry itself is undergoing profound change. A decade ago, modernizing web application and API security felt transformative. Today, AI agents are writing and reviewing code and development velocity is accelerating in ways that strain traditional security processes. 

Questions that did not exist ten years ago are now central to the application security program leader: 

  • How do I manage shadow AI coding?
  • How can security move at the speed of AI-native developers?
  • Can I prevent agentic application vulnerabilities?
  • How can I gain visibility into engineering?
  • How can I assess risk in an environment where traditional artifacts such as SBOMs are no longer sufficient?

DryRun Security was built with today’s inflection point in mind. Our ambition is not to graft AI onto legacy workflows but to rethink the application security program for the AI era. We describe this as code security intelligence: contextual reasoning about real risk, policy-driven visibility into both human and autonomous code changes, and a system that scales with modern development practices.

Andrew understands what it means to help define a category at precisely the moment the market is ready for it. He has navigated that terrain before, both as a founder and as an investor.

From the outside, his joining the board may be interpreted as a signal that DryRun Security is entering its next phase of maturity. That interpretation is fair, yet, from my vantage point, this step is less about signaling and more about continuity. Andrew has already been part of the DryRun story and this formalizes his role to reflect the depth of trust and alignment that already existed.

There is also something meaningful about the continuity of a shared history. Other former Signal Sciences teammates, including Chris Casey and Andrea Swaney, are part of the broader DryRun story. Shared history does not guarantee future success, but it does provide a common language for ambition and culture. We have seen what product-market fit feels like in security and we have seen what scaling requires. 

The coming years will define how application security adapts to AI-driven development. The pace of change is unlikely to slow. Organizations will either evolve their security mental models or struggle under the weight of them. DryRun Security is committed to helping application security teams navigate that shift with clarity and intelligence.

Personally, I am grateful for Andrew and that we are welcoming him to the board. We are stepping into the future with a commitment to make meaningful progress today.