Impact
Significant Reduction in Vulnerabilities
In the first half of 2025, Essent achieved a clear decline in the number of open vulnerabilities. While exact figures are not available, this is described as a “big reduction,” indicating a measurable and substantial result of the new approach.
Faster Response Times
Thanks to real-time insights provided by the cloud security platform and automated alerts, teams are able to respond more quickly to new vulnerabilities. A quote from Eveline van Blitterswijk confirms that teams are taking independent action faster, resulting in less need for manual follow-up.
Increased Security Awareness
The integration of security into the daily workflow has led to a cultural shift: development teams no longer see security as a blocker, but as a strategic partner. This has resulted in more proactive behavior, increased collaboration, and fewer “blind spots” such as orphaned resources.
Strengthened Collaboration and Visibility
Through collaboration with both the E.ON CNAPP teams and internal enablement and development teams, security has been embedded at both the team level and the Agile Release Train level. This has increased the visibility of the security function, improved communication, and made collaboration more accessible.
About
The past several years has seen a surge in interest in energy—driven by rising prices, the urgency of climate action, and the increasing threat landscape targeting critical infrastructure. Whether it’s the shift to renewables or the growing number of cyberattacks on energy systems, energy has become a focal point of global attention.
As the largest energy company in the Netherlands, Essent has experienced this shift firsthand with an increase in digital traffic as customers access their accounts more often than before. To meet these demands while maintaining a secure and seamless user experience, Essent is embracing modern technology practices and empowering its teams to take ownership of security.
To keep pace with market demands and rapid technological change, Essent’s DevOps teams deliver frequent updates and continuously improve their services. But with this speed comes the challenge of embedding robust security practices that teams can manage independently.
As a Security Engineer at Team Rockstars IT, Inge Mationschek is currently embedded within Essent’s Security Engineering team, where she focuses on enabling secure development practices across the IT department. As part of these practices, the security engineering team set out to make vulnerability management (VM) a part of development teams’ workflow. At the time, they were using different automatic and manual methods to detect, track and assign vulnerabilities. They needed a solution that would not only streamline vulnerability tracking but also empower teams to take ownership of their systems and security responsibilities.
If you’re familiar with the PPT framework—People, Process, and Technology—you’ll know that effective solutions require alignment across all three areas. At Essent, this model has been expanded with a fourth pillar: Policy.
PEOPLE
Security starts with people. Together we focused on building a strong security culture where awareness is high and ownership is clear. By bringing vulnerability insights directly to software development teams, one saw a shift: when developers understand the risks and their responsibilities, they act.
PROCESS
They standardized the vulnerability management process to ensure consistency and scalability. This included:
– Weekly email reports to keep teams informed
– Live online sessions to raise awareness and provide hands-on guidance
– A Slack support channel and walk-in hours for real-time help
– Tailored Essent-specific onboarding documentation and easy-to-follow workflows
TECHNOLOGY
They started using a cloud security platform that enabled the new strategy. It scans the cloud infrastructure, contextualizes vulnerabilities, and prioritizes them based on real risk.
The Teams as Code concept was also adopted to automate access for teams to this platform. This made onboarding seamless and ensures that every team has the right level of visibility and control.
A centralized developer dashboard now also shows each team their open vulnerabilities, with direct links to the tool for deeper insights. This can be taken one step further in the future with integrations to automatically create Jira tickets for specific use cases and alerting teams upon detection of vulnerabilities by sending notifications to their Slack channels.
POLICY
Clear policies define expectations and responsibilities. By aligning people and processes with well-communicated policies, a structure was created where everyone knows their role in maintaining security.
In the first half of 2025, Essent achieved a big reduction in vulnerabilities, demonstrating faster, more effective responses.
This shift has been accompanied by a rise in security awareness across teams and greater visibility of the security function itself, fostering easier and more frequent collaboration. There is also increased motivation to identify and assign ownership for orphaned resources, helping to close infrastructure blind spots.
Most notably, security is experienced less as a blocker but more as a strategic partner—enabling faster, safer innovation. This cultural transformation has strengthened visibility and awareness at both the team and Agile Release Train (ART) levels, embedding security as a natural part of day-to-day operations.
“The implemented solution provides accurate and up-to-date insights into the security of our landscape, enabling teams to respond immediately to emerging threats and reducing the need for me to follow up with them about their security status.” – Eveline van Blitterswijk, Engineering Manager at Essent
Along the way, we’ve learned valuable lessons about what it takes to embed security into a fast-moving tech organization:
- Prioritize system maintenance—and make it clear that this includes resolving security vulnerabilities
- Give teams direct access to insights on their security posture so they can take ownership
- Use a variety of communication channels to guide developers into new ways of working
- Automate wherever possible, and continuously adapt to the evolving needs of your teams
- Secure leadership support early, and ensure management consistently reinforces the importance of the team’s ownership of security
Collaboration
Team Rockstars collaborates with Essent to bring its seamless customer experience to life—this time for internal customers: the development teams. By integrating vulnerability management directly into developer workflows and empowering teams with the right tools, processes, and support, Essent ensures that security remains a core part of its agile operations—without slowing down innovation.
This journey also highlights the power of collaboration. Working closely with the E.ON CNAPP team (Essent’s parent company), multiple Essent enablement teams, and the development teams themselves, they’ve co-created practical ways to integrate security into daily workflows, foster ownership of vulnerability management, and—most importantly—enable a lasting cultural shift.
Projects like these reinforce a core belief: security is a team sport, and when everyone plays their part, the entire organization wins.
“The solution gives teams real-time security insights, enabling faster responses and reducing my need to follow up.”
Want to know more?
Feel free to contact us at anytime! Fill in the form and one of our colleagues will be in touch.
Contact
"*" indicates required fields
