Challenge
Scalable Capital relied on a mix of self-developed tools and third-party solutions, which required noticeable manual effort and created inefficiencies across workflows.
Developers were dependent on the security team to create exceptions for false-positive or acceptable vulnerability findings and sometimes to support triaging vulnerabilities, creating bottlenecks and limiting developers’ ability to proactively address risks.
Scalable Capital’s decentralized tools and processes for compliance reporting and audit preparation led to time-consuming, manual efforts to collect evidence for fulfillment of regulatory requirements.
Solution
Scalable Capital replaced legacy tools, consolidated operations, and automated vulnerability management with Wiz Cloud and Wiz Code, reducing manual intervention and streamlining workflows.
Scalable Capital embedded security into developer workflows with Wiz, enabling them to proactively and seamlessly manage vulnerabilities as self-service.
Using Wiz’s real-time compliance dashboards and automated frameworks, Scalable Capital simplified compliance reporting, reduced the manual workload for audits, and gained centralized visibility into their entire AWS infrastructure.
Less than one day
to deploy Wiz across a complex cloud environment
Reduced manual effort for all development teams
by eliminating ticket-based SLA tracking and exception workflows
95% of Wiz users are developers or engineers,
democratizing security across the organization
Modernizing security for a fast-growing financial services platform
Scalable Capital, a European financial services company, powers an innovative investment platform that requires robust security practices to ensure the protection of its infrastructure, customer data, and services. With a rapidly growing platform and an engineering-driven culture, Scalable Capital faced challenges in streamlining security workflows, achieving real-time vulnerability visibility, and maintaining compliance without manual effort.
The company previously relied on a mix of self-developed and third-party tools, including tfsec for Infrastructure-as-Code (IaC) scanning and AWS Inspector for vulnerability scanning. While useful for analyzing code, these tools operated in isolation and were disconnected from the runtime context. Each scan required manual intervention for triaging and resolving misconfigurations, slowing down development cycles and audits. Developers relied on the security team for exceptions for false positives and acceptable vulnerabilities and, in some cases, for support in triaging vulnerabilities, creating bottlenecks and limiting their ownership of security responsibilities. The decentralized approach also hindered scalability, making it difficult to diagnose misconfigurations at the source or generate compliance reports efficiently.
“We wanted to move away from an in parts manual and ticket-based legacy system,” says Julian Suttner, Senior Engineering Manager - Platform Engineering & Scalability Engineering at Scalable Capital. “We aimed to enhance our security posture across the entire infrastructure and code by achieving greater automation, improved visibility, and a more developer-friendly experience.”
Wiz made risk management easier and more tangible for our developers. They now have better tooling and context which improves their experience when fulfilling their security responsibilities.
Julian Suttner, Senior Engineering Manager - Platform Engineering & Scalability Engineering, Scalable Capital
Scalable Capital sought a solution that could both democratize security across the organization and act as a business transformation partner. The team wanted to improve visibility by connecting code-level findings with their impact in the cloud runtime, automate security workflows, and empower developers to proactively address misconfigurations and hardcoded secrets within their IaC workflows. This search brought Scalable Capital to Wiz.
Empowering developers through automation and visibility
After running a proof-of-concept evaluation, Scalable Capital selected Wiz to transform its security workflows and empower its engineers. While the team initially considered other CNAPP solutions, Wiz’s comprehensive capabilities provided everything Scalable Capital needed to centralize and streamline security processes. This included its developer-friendly interface, ease of usability across teams, and extensive automation features that aligned with the company’s engineering workflows.
Scalable Capital deployed Wiz via Outpost (customer-hosted scanning infrastructure), which gave the team greater control over deployment, data flow, and permissions to align with security and compliance standards. The team completed the entire complex implementation in less than one day, fully integrating Wiz into its large AWS environment. Afterward, the rollout extended across the entire engineering organization, encompassing Wiz Cloud to detect and prevent cloud risk and Wiz Code for secure cloud development by scanning Infrastructure-as-Code (IaC) templates in their repositories. The platform engineering team handled the technical integration, while the security team set critical policies and service-level agreements.
Wiz provides real-time updates, so we don’t need to rerun scripts, maintain custom tracking solutions or manually keep stakeholders updated — we always know the current state out of the box.
Julian Suttner, Senior Engineering Manager - Platform Engineering & Scalability Engineering, Scalable Capital
Engineers enthusiastically adopted Wiz, appreciating its intuitive user interface (UI), actionable context, and ability to streamline previously manual workflows. Wiz’s ability to seamlessly integrate with Terraform allows developers to manage potential misconfigurations within their IaC templates and files, creating a smoother, self-service remediation process. “The UI and automation features were very well received by engineering teams, especially compared to our old solution,” Suttner says. “It’s developer-friendly and intuitive to use.”
In addition to vulnerability management, Scalable Capital relies on Wiz for compliance reporting and audit preparation, using built-in frameworks to automate key processes. With its commitment to consolidation, Scalable Capital also began transitioning from older open-source scanners such as tfsec to optimize workflows further while embedding Wiz deeply into its ecosystem.
Democratizing security across teams
The adoption of Wiz has helped embed a culture of security even more deeply across Scalable Capital, with engineers, platform teams, and security teams alike benefiting from Wiz’s comprehensive and automated approach. “What really stands out is how much we’ve reduced reliance on multiple teams for triaging vulnerabilities,” Suttner explains. “Wiz empowers every engineer to see their own risks and take action easier.”
The rapid deployment of the solution enabled engineers to quickly integrate vulnerability and compliance management features into their workflows, eliminating previous bottlenecks and manual processes. Developers gained ownership of vulnerabilities through a seamless integration with Terraform, allowing them to address issues directly in pull requests without relying on manual ticketing processes. This shift included greater use of automation, including features like expirations for easier issue management, resulting in faster triage and resolution times.
Wiz isn’t just a tool for us. It’s a partner in transforming the way we approach security. It’s made the entire process more collaborative and scalable for the future.
Julian Suttner, Senior Engineering Manager - Platform Engineering & Scalability Engineering, Scalable Capital
From a cost-savings perspective, Scalable Capital has begun consolidating its tech stack with Wiz. By relying on one comprehensive security platform, the company simplified its workflows while scaling operations more efficiently. Meanwhile, the platform’s inventory, reporting, and compliance tools gave the company a centralized view of its infrastructure, reducing manual effort and equipping teams with real-time compliance insights.
Unifying security for future scalability
Scalable Capital’s next steps focus on fully transitioning its cloud posture management and IaC scanning to Wiz, retiring legacy tools, and creating a unified security approach. By leveraging deeper integrations, the company plans to enhance collaboration and further empower developers to take proactive ownership of security.
Looking ahead, Scalable Capital also plans to deepen its use of Wiz’s seamless code-to-cloud mapping to pinpoint the exact code that introduces risk, without needing to configure anything extra. Wiz automatically ingests and analyzes Terraform state files to connect cloud resources back to their source in infrastructure-as-code. That means security teams can instantly see which misconfigured resource in production ties to which repo, module, or even line of code; no tagging or manual correlation needed. Developers have clearer information about ownership and can fix issues directly in the repo, reducing drift and restoring secure-by-default behavior across environments.
By unifying live cloud risks with IaC findings, Wiz ensures the same policies are applied consistently, whether it’s an S3 bucket in production or the Terraform code that created it. Security teams no longer have to reconcile findings from separate tools or chase dev teams for context. Instead, everything is correlated automatically, with runtime exposure, ownership, and 1-click fix suggestions built in. This tight feedback loop helps teams reduce triage time, accelerate remediation, and prove compliance with far less manual effort, turning security into a shared, continuous process from code to cloud.
Wiz will play a key role in automating compliance reporting and audit preparation, ensuring Scalable Capital maintains high standards while minimizing manual effort. These advancements position the company to scale securely, with development teams fully supported by Wiz’s code-to-cloud capabilities.