Driving Cybersecurity Workflows with AI-Enhanced Software Development – with Frederic Rivain of Dashlane and Tsavo Knott of Pieces

Riya Pahuja

Riya covers B2B applications of machine learning for Emerj - across North America and the EU. She has previously worked with the Times of India Group, and as a journalist covering data analytics and AI. She resides in Toronto.


This interview analysis is sponsored by Pieces and was written, edited, and published in alignment with our Emerj sponsored content guidelines. Learn more about our thought leadership and content creation services on our Emerj Media Services page.

Cybersecurity remains an enormous concern for business leaders across the global economy. According to the Office of Management and Budget, which monitors compliance with the Federal Information Security Modernization Act, federal agencies disclosed a total of 32,211 cyber incidents to the Cybersecurity and Infrastructure Security Agency.

The government’s cybersecurity efforts are showing progress, with 12 federal agencies scoring 90-100 on their composite cybersecurity score and seven agencies scoring 80-89. These challenges stand to persist as the Government Accountability Office reports that more than 850 of its 4,000 cybersecurity recommendations to federal agencies since 2010 have not been fully implemented.

Emerj Senior Editor Matthew DeMello recently sat down with Frederic Rivain, CTO of Dashlane, and Tsavo Knott, co-founder and CEO of Pieces, to discuss the importance of integrating security measures early in the software development process and the challenges startups face in balancing security with resource constraints, emphasizing the need for user-friendly and convenient solutions in the tech space.

Pieces is an AI-driven software company that builds a platform to enable software developers to work more efficiently. Dashlane is a password manager that claims to securely store and manage passwords, auto-fill login details, and monitor for data breaches to protect users’ digital identities across devices.

The following analysis examines three critical insights from their conversation:

  • Prioritizing user convenience to drive security adoption: Security products like password managers must be simple and intuitive, as users are more likely to adopt them for their convenience rather than security alone.
  • Developing cross-platform tools to enhance workflow continuity: To improve user experience, Pieces is tracking and documenting work across all operating systems and applications, ensuring seamless recall of past activities without relying on fragmented solutions like multiple open browser tabs.
  • Prioritizing early security integration in development: Integrate security measures from the beginning of the software development lifecycle, ensuring continuous oversight and involvement in product planning and coding.

Guest: Frédéric Rivain, CTO, Dashlane 

Expertise: Cybersecurity, Leadership, Gaming

Brief Recognition: Frédéric Rivain is the Chief Technology Officer at Dashlane. He has close to 20 years of experience in B2C and B2B SaaS, e-commerce, and cybersecurity. He excels in team leadership, project delivery, and fostering growth, and he is an active speaker and mentor in the tech community.

Guest: Tsavo Knott, Technical Co-founder & CEO of Pieces

Expertise: Coding, Software Development, Entrepreneurship, Interactive Media, Computer Science

Brief Recognition: Tsavo graduated from Miami University in 2018 with a Bachelor’s Degree in Game and Interactive Media Design as well as Computer Science. Before co-founding Pieces in 2020, he served as vice president and co-founder of Accent.ai, a language learning platform.

Prioritizing User Convenience to Drive Security Adoption

Frédéric highlights that for security solutions like password managers to be effective, they must prioritize user convenience. If a product is too complex or not user-friendly enough, consumers won’t use it. Therefore, creating a simple, intuitive, and enjoyable experience is crucial. When users find a product easy and delightful to use, they are more likely to adopt it and, as a result, receive its security benefits. 

He says that people choose solutions like Dashlane or Passkeys not just for security but because they save time—automatically filling in passwords, logging in instantly, and making account registration seamless. The “magic” experience of convenience is what drives adoption, rather than security alone. 

For instance, using a passkey to create a GitHub account is effortless and secure without users even realizing it. This convenience-first approach is critical to driving the adoption of security features.

In response, Tsavo emphasizes the importance of simplicity and convenience in security solutions, noting that “less is more.” He shares a recent experience of setting up a new MacBook and Pixel phone, which involved re-entering passwords and logging into various apps. 

During the process, he encountered different security tools like iCloud Keychain, Google Passkey Manager, and physical USB-C passcode unlockers for platforms like GitHub. He found this overwhelming and confusing due to the abundance of options. 

He continues to stress the importance of convenience, particularly during the onboarding process for password managers. He points out the complexity of managing different passwords stored across multiple platforms like iCloud Keychain, Google Passkey Manager, and even physical devices like USB-C sticks. This fragmentation makes it difficult to get started with a new tool. 

Developing Cross-Platform Tools to Enhance Workflow Continuity

Tsavo explains that the Pieces system monitors and understands user activity across all applications on the operating system, including network interactions, file usage, and foreground applications. 

This more comprehensive view allows users to query the system for specific details, such as when they encountered an error, what websites they visited, or where they spent most of their research time. The system focuses on developer-centric processing by filtering out non-technical content and zeroing in on code-related activities to reduce unnecessary processing.

Tsavo believes the next big area for data exploration and identifying vulnerabilities lies at the device level—specifically, within the applications installed and the user’s overall activity on the operating system, not just within web browsers or the cloud. Such data, which is often overlooked, has significant potential for uncovering security risks. 

He envisions a future where tools like Dashlane and others are continuously active at the OS level, enabling proactive and intelligent user experiences that identify and address potential issues. However, with multiple systems running similar processes, there’s a risk of overloading devices, making it challenging to determine the best way forward.

Frédéric agrees with the notion that any code can introduce vulnerabilities, so it’s essential to have visibility and oversight across all systems and applications. However, he recognizes that achieving this on such a broad scale, beyond just the browser, is a significant technical hurdle.

Tsavo explains that his system aims to solve a fundamental problem related to documenting work progress. When people spend hours working on various tasks—like visiting websites, talking to others, or working on projects—they rarely document every detail at a granular level, such as which sites were most important or who they interacted with. However, recalling these details later is often necessary. 

“And that’s where you’re picking up where you left off. But if you’re like me right now, the solution is just to leave all 50 browser tabs open, and that’s your best hope at not losing that context. We think it could be better. But the challenge, at least, is moving closer to where the user is, and the user is not just in one app—it’s a full experience across their entire toolkit.”

–Tsavo Knott, Technical Co-founder & CEO of Pieces

Prioritizing Early Security Integration in Development

Frédéric further explains the concept of “shifting left” in security, which means integrating security measures earlier in the software development process rather than waiting until a product or feature is fully developed and in production. 

Traditionally, security testing is done later by external agencies, but shifting left emphasizes starting from the beginning of development. That begins with bringing security considerations into the product planning stage, where product managers and developers need to think about security when defining features and designing the system.

“And then you start coding, and of course, you’re going to have security tools running on an ongoing basis. As you go through the CI/CD and begin to ship, security needs to be present. It has to start from the beginning and be continuous across the whole software lifecycle. There are a lot of interesting articles about shifting security from the Google team — they’ve done a lot of work on that front. You can Google it; it’s really important and interesting.”

– Frédéric Rivain, Chief Technology Officer at Dashlane 

Pieces’ own thought leadership advises development leaders not just to shift left but to “shift down”: moving work down to the DevOps platform so that teams can reduce the cognitive load on developers.

Tsavo reflects on the challenges of managing security as a resource-constrained startup, noting how difficult it is to devote time to security when the company doesn’t have a dedicated Chief Security Officer (CSO), especially at the Series A stage. He emphasizes how demanding this continuous focus on security is, particularly when building a product for developers, which comes with its own constraints.

To manage security demands, Tsavo’s team initially kept everything offline to minimize security risks, avoiding cloud-based features and collaboration tools. However, as they begin to introduce cloud features, they now have to carefully consider how each new feature might impact compliance with security standards like SOC 2 or ISO 27001. He finds it overwhelming to think about security constantly, especially for something as complex and crucial as managing passwords, which involves very high-level security considerations (“level 100 security”).

Frédéric responds by emphasizing the importance of starting small with security, regardless of the organization’s maturity or resources. He argues that it’s better to do something rather than nothing. For example, while a Series A company may not be able to afford an extensive bug bounty program with million-dollar rewards, they can still initiate a private program, inviting a small group of security researchers to review their code and identify vulnerabilities. 

Frédéric’s approach allows the company to gradually build up its security processes and resources as it grows. He also notes that as a company expands, it becomes a larger target for security threats, which necessitates increased investment in security over time.
