Twenty years ago, I wrote my first line of production code. I’ve been a junior developer, a senior developer, a tech lead, and a solutions architect. I’ve built systems that serve millions of users and maintained legacy codebases that should have been retired a decade ago.
Now I’m starting my own company. Here’s why.
The Pattern I Kept Seeing
Over twenty years, I worked with dozens of companies across different industries. And I kept seeing the same pattern:
Security was always an afterthought.
It wasn’t malice. It wasn’t even negligence, really. It was just… deprioritized. “We’ll add security later.” “We need to ship this feature first.” “We don’t have budget for a security audit this quarter.”
Later never came. The feature shipped without input validation. The audit got pushed to next year. And then I’d watch the same companies scramble when something went wrong — a breach, a compliance audit, a customer asking uncomfortable questions.
I spent years being the person in the room saying “we should think about security here” and watching it get noted and ignored. Not because anyone disagreed, but because the pressure to ship always won.
Why Now
A few things converged:
The threat landscape changed. When I started my career, security was a nice-to-have for most businesses. Now it’s existential. Ransomware can shut down operations overnight. A data breach can destroy customer trust. Regulations like GDPR and SOC 2 have real teeth.
I have enough experience. There’s a confidence that comes from twenty years of building systems. I’ve seen what works and what doesn’t. I’ve made mistakes and learned from them. I know how to architect software that’s secure by design, not secure by accident.
I was tired of watching. At some point, you either accept how things are or you try to change them. I decided to stop being the person who raises concerns and start being the person who solves problems.
What Aitchdien Does
I founded Aitchdien to help companies build software that doesn’t keep them up at night.
We do three things:
Security-first development. We build software with security baked in from day one — not bolted on before launch. Authentication, authorization, data protection, input validation, audit logging. All the things that get skipped when you’re racing to ship.
Security remediation. Already have software in production? We audit it, identify vulnerabilities, and fix them. Practical, prioritized, and focused on actual risk — not a 200-page report that sits in a drawer.
Architecture consulting. Sometimes you don’t need us to build it. You need someone experienced to review your design, spot the weaknesses, and help your team do it right. That’s often the highest-leverage work we do.
The Uncomfortable Truth
Here’s what I tell prospective clients: the best security investment is boring.
It’s not buying the flashiest tools or hiring a team of ethical hackers. It’s building your software correctly in the first place. It’s training your developers. It’s having someone review your architecture before you write the code.
It’s doing the unglamorous work that prevents problems instead of the heroic work that responds to them.
That’s not a sexy pitch. But after twenty years, I’ve learned that companies don’t need sexy. They need software that works, that scales, and that doesn’t become a liability.
What’s Next
I’m building Aitchdien slowly and deliberately. No venture funding, no pressure to grow at all costs. I want to do good work for companies that value quality over speed, and build relationships that last.
If you’re building something and want security to be more than an afterthought, reach out. Even if you’re not ready to engage formally, I’m happy to talk through what you’re building. Sometimes a conversation is all it takes to avoid a mistake.
Here’s to the next twenty years.