Watch Duty
 Customer Story

David Merritt

CTO

Watch Duty

The Challenge

As Watch Duty grew from a small startup into a high-profile nonprofit serving millions of users, security pressure increased from two directions at once. They needed SOC 2 compliance to support enterprise sales, and they were also facing real-world threats driven by their public visibility.

They ran into several challenges:

  • Vendor sprawl vs. team size: The typical path to security and compliance meant adopting multiple vendors. For a team that started with just four engineers, managing several separate tools, contracts, and integrations felt like overkill.
  • The dread of compliance overhead: CTO David Merritt saw a future where security and compliance work consumed a huge share of his time. Managing vendors, integrations, and day-to-day security tasks threatened to crowd out actual product development.
  • High-profile threat exposure: Watch Duty operates in the public eye. As usage grew, so did malicious activity, including phishing attempts, fake apps, and domain squatting designed to exploit their brand.
  • Avoiding security theater: The team wanted to avoid tools that simply produced green checkmarks for auditors. They needed real protection for their infrastructure and user data, not just compliance optics.

“If a product is designed for a thousand-person organization, it usually has too much complexity for a team of five or fifteen. We didn’t want to pay for or manage things we didn’t need.”

David Merritt

CTO

The Solution

Watch Duty chose Fencer because it struck what the team described as the “Goldilocks” balance: comprehensive enough to cover real security needs, but practical for a lean engineering team.

  • A consolidated security suite: Fencer replaced multiple point solutions by combining dependency analysis, static code analysis, infrastructure scanning, and compliance workflows into a single platform.
  • Continuous security instead of checklists: Rather than relying on annual audits or point-in-time checks, Watch Duty uses Fencer to scan application code and Terraform infrastructure continuously before changes go live.
  • Integrated into day-to-day workflows: Fencer integrates security scans directly into pull requests, acting as another set of eyes on every change.
  • AI-assisted triage: Fencer’s AI snippets help explain vulnerabilities and guide next steps, reducing the need for manual research and smoothing security work across the team.

“Fencer was the Goldilocks solution for us. It had enough depth to grow with us, without being overwhelming for a small team.”

David Merritt

CTO

The Results

With Fencer in place, Watch Duty advanced their SOC 2 journey while building a stronger security foundation.

  • Immediate critical fixes: Shortly after rollout, Fencer identified multiple critical vulnerabilities in Watch Duty’s infrastructure. The team was able to address them immediately before they could be exploited.
  • Shared ownership of security: Security is no longer owned by one person. Because issues surface in everyday workflows, engineers across the team can step in and resolve problems independently.
  • Automated compliance wins: Features like automatically generated infrastructure diagrams directly satisfied audit requirements, saving significant manual effort and time.
  • Enterprise-level trust: Fencer provides a safety net that helps Watch Duty confidently support enterprise customers, who rely on the platform for critical information.

“We saw immediate results. Critical issues were identified and fixed right away. Fencer gives us peace of mind that we’re providing a strong security posture for our customers.”

David Merritt

CTO