
Embedded Engineering for a SaaS Security Platform
Industry
Cybersecurity / SaaS
Company size
1 - 10 Employees
About
StickSecure is an AI-powered cybersecurity and compliance management platform developed by Australian firm StickmanCyber. It provides organizations with a unified workspace to automatically assess cybersecurity posture, manage regulatory compliance (e.g., ISO 27001, Essential Eight), and track risks in real-time without the heavy enterprise overhead.
The Situation
A Sydney-based cybersecurity technology company had built a SaaS platform for managing security operations. The platform served enterprise and mid-market clients, helping them manage security incidents, track vulnerabilities, and coordinate their security operations function.
The business was growing. The platform was being extended. The engineering requirements exceeded what the internal team could absorb.
What the company needed was an embedded engineering team that could work inside the platform — not manage it from a distance — and deliver features against the product roadmap while maintaining the reliability standards a security operations platform demands.
The commercial context was significant: an engagement valued at approximately $35,000 MRR at peak — reflecting both the scale of the delivery commitment and the confidence the client placed in the team’s ability to operate at that level.
The structural challenge: security technology companies have a credibility requirement that does not apply equally to other SaaS categories. The platform itself exists to help clients manage security risk. If the platform’s own development practices are undisciplined, that is not just a technical problem; it is a commercial one.
Key Result Metric: Consistent feature delivery against the roadmap, maintained platform reliability, and a commercial relationship that reflected the value being delivered — not just the hours being billed.
Why they called us
The relationship was initiated through direct commercial outreach and qualification — a competitive process in which Halcrow was selected based on both technical capability and operating model fit.
The client’s leadership, including the CEO, was actively involved in the commercial negotiation. The terms required Halcrow to commit to a meaningful delivery scope, with contracts reviewed through the standard legal process.
Law 7: Accountability without gatekeeping. The client needed a team that could be trusted to operate with significant autonomy — making technical decisions, managing deployment processes, coordinating with internal stakeholders — without requiring constant oversight. That level of trust has to be earned through the operating model, not just claimed in a proposal.
How we worked
Embedded Engineering: Feature Development and Platform Maintenance
The engineering team was embedded inside the client’s development process, operating with the client’s own tooling, deployment pipelines, and sprint cadences rather than imposing a separate process from outside.
Feature development: the team delivered product features against the roadmap. New capabilities for the security operations platform were designed, built, tested, and deployed through the client’s established release process.
Platform reliability: a security operations SaaS requires consistent platform uptime and performance. The team participated in incident response processes and maintained the reliability standards the client’s enterprise customers expected.
R&D activity: the engagement included formal R&D claim documentation, reflecting the platform’s investment in capability that advanced the state of the client’s technology. This was managed as part of the commercial relationship.
The commercial relationship was more complex than a typical time-and-materials arrangement. At peak engagement, the monthly retainer reflected a significant resource commitment. The relationship required formal contract documentation, legal review, and ongoing commercial governance.
The wind-down of the engagement was managed through a structured final invoice process, with credit notes and reconciliation handled professionally.
WHAT CHANGED
The client gained delivery capacity that allowed the product roadmap to move at a pace their internal team alone could not sustain. Features that would have queued for months were delivered in weeks. The platform’s capability expanded during the engagement period.
The relationship ended on commercial terms that reflected the complexity typical of enterprise-scale SaaS engagements — including the kind of invoice and credit reconciliation that happens when engagements of this size wind down.
WHY THIS WORKED
Cybersecurity technology companies are unusually sensitive to the quality of their engineering practices. The platform’s customers trust it with their security operations. An embedded engineering team that brings undisciplined delivery practices into that environment creates risk — not just technical risk, but reputational risk.
The Halcrow team operated with the discipline appropriate to the context. Code review processes, testing standards, and deployment practices reflected the environment they were operating in.
Law 11: Infrastructure is product. In a security operations platform, the way the product is built is part of the product. Clients who are paying to have their security operations managed by a SaaS tool are implicitly also evaluating whether the SaaS tool’s own engineering practices are trustworthy. That evaluation starts with how the team operates.
what you're buying
This case study is published without the names of the client or product at the client’s request. The engagement details, commercial structure, and outcomes are accurate.
If you are running a security or enterprise SaaS platform and need an embedded engineering team that can operate at the standards your clients expect, book a 20-minute call with Halcrow.