Our Team

Ducker is an AI-driven security maturity and compliance advisory firm built for VC-backed SaaS. We work with CTOs and founders — typically at companies between 10 and 150 people — who need to close security gaps before an enterprise deal, a Series B, or a SOC2 audit.

We built a proprietary assessment framework that benchmarks your security posture across six domains: Identity, Cloud, DevSecOps, Incident Response, Governance, and AI Risk. The output is a board-ready report and 90-day roadmap — not a generic checklist.

Alongside client work, we're building a security maturity platform that automates the assessment and policy generation process. Early access is available for qualifying teams.

A woman with curly hair wearing a gray blazer holding a laptop, smiling, against a geometric colorful background.

Anya

Founder

Three-time entrepreneur with deep expertise in how technical knowledge is operationalized inside organizations. Anya leads client strategy and business development at Ducker, with a focus on helping VC-backed SaaS teams build security programs that actually hold up — through due diligence, SOC2 audits, and enterprise sales cycles. Her background in instructional design and organizational learning shapes how Ducker delivers: every engagement is built to be understood, adopted, and maintained by the teams running it.

A man with dark hair and a beard smiling while holding a silver laptop, wearing a gray jacket and a black shirt, against a colorful abstract background.

Security Architect

Alek

Principal security engineer, inventor, and researcher with extensive experience designing and securing complex systems. Alek leads technical delivery at Ducker and is the primary architect of our proprietary security maturity framework — a patent-pending, AI-assisted approach to surfacing high-impact gaps across Identity, Cloud, DevSecOps, Incident Response, Governance, and AI Risk. He brings an engineering-first perspective to every engagement: no theater, no overhead, just practical risk reduction that maps to how your systems actually work.

Who We Are

We use an AI-assisted assessment framework to benchmark security posture across six domains specific to VC-backed SaaS: Identity, Cloud, DevSecOps, Incident Response, Governance, and AI Risk. Rather than applying generic frameworks, we build controls proportional to your current architecture, team size, and growth stage — designed to scale as you do.
We prioritize recommendations that measurably reduce risk and avoid unnecessary complexity or overhead. Our work is guided by the belief that well-designed security should scale with systems, teams, and time.
Ducker was founded after watching the same problem repeat itself across VC-backed SaaS companies: security programs built from generic frameworks that couldn't survive an enterprise due diligence call or a real SOC2 audit. Anya and Alek built Ducker — and the proprietary framework behind it — to fix that. The goal is security that's proportional to where you are, defensible to investors and auditors, and built to scale with your team rather than against it.

Check our services