Our culture

The work is hard. It's not hard to be here.

Most people who join PortSwigger say some version of this once the novelty of the first weeks wears off and the real texture of the place starts to show. The problems are genuinely difficult. The standards are genuinely high. And somehow, that doesn't make it harder to be here — it makes it better.

What follows is an attempt to explain why. A genuine account of how the place works — where it came from, what it asks, and what it gives back. The values described here are what happens when you put a particular kind of person in a particular kind of environment and let them build something they actually care about.

Before the business grew beyond its first few Swiggers, we asked a simple set of questions. What if work could actually be fun? What if we could create a place where people wanted to be, where they strive together to build something that changed the lives of the people who used it? This is what we set out to build. But a culture like this is fragile — small decisions that seem routine can erode it quietly, and a company that loses its culture can't simply rebuild it later. So we're deliberate — and deeply committed — to nurturing it.

Carrier of the culture

Read this guide properly as a genuine account of something worth protecting. You are now a carrier of the culture. Everyone at PortSwigger is. When something feels off — something that doesn't match what's written here — say something.

Where it came from

PortSwigger began with one person building a tool for himself. In 2002, Daf was a security consultant writing scripts to automate the tedious parts of web pentesting. One of them — a proxy tool named Burp, for no particular reason, complete with actual burping sound effects — caught on. He released it in 2003, anonymously, under the hacking handle he'd been using for years: PortSwigger. One who swigs port.

For the next decade, it was essentially a one-man operation. No investors. No marketing team. Word of mouth and the quality of the tool. When users emailed in, Daf replied. The tool had developed a following that went far beyond what he'd expected of a side project.

When the business grew large enough to need a team, Daf sat down and wrote out what kind of employer he actually wanted to be. He'd seen enough of the corporate world to know what he didn't want. He framed it as The Unit Test, the way a developer checks software, and put it on the wall in the first Knutsford office in 2013: we have fun; we work hard; we make Burp as good as possible; our customer service exceeds expectations; we are fair and generous to everyone; we don't follow the herd.

The PortSwigger Culture Unit Test — the six principles written on the wall of the first Knutsford office in 2013

For sixteen years, the business grew without a single penny of outside investment. In 2024, PortSwigger took its first — a $112 million round. Daf kept control. Those six principles didn't change. What you're reading now is the grown-up version of them.

Our mission: enable the world to secure the web.

A mission earned through the quality of what we deliver, not self-declared at the start of our journey. We build the tools practitioners trust, the knowledge that trains security professionals, and the community that makes anyone who cares about security better — so together we can make the internet safer. We do this through work we genuinely love. Joy, mastery, and purpose belong together, and here they usually do.

What that looks like depends on where you sit. Right now, somewhere in the world, a security practitioner is using our tools to find a vulnerability before someone with bad intentions does — in critical infrastructure, financial systems, healthcare, or any one of the thousands of organizations that rely on the web being secure. If you're in engineering, you're building the tools they rely on. If you work in a customer facing role like sales or customer success you get the tools into their hands and make sure they can use them effectively. If you're in finance, culture or any support function, you're sustaining an organization that has chosen, repeatedly and deliberately, to invest in the health of the broader security community rather than extract from it. That choice is the mission made operational.

We do this through work we genuinely love — and that's not an aspiration, it's a description. Joy, mastery, and purpose belong together, and at PortSwigger they usually do. Belonging here grows from that: it's built on contribution over categorization — what you bring to the work and to each other, not your title or how you might be labeled elsewhere.

"PortSwigger gives me a really pure sense of belonging. I'm not made to feel like a label or a token employee. I feel like I belong here because of what I bring: my thinking, my work, and the way I contribute to the community. That focus on contribution over categorisation has made belonging feel natural, and grounded." — Culture Survey, Q4 2025

The people, and how we work

Maintain the bar

Hiring here is deliberate. We look for people with exceptional potential — people who share our values, bring depth in their craft, stay curious and humble, and help strengthen the team around them as they grow. We'd rather leave a role unfilled than lower the standard. The result is a team where working alongside your colleagues is itself a form of development.

In practice

Every candidate goes through a calibrated process — confidence indicators, multiple assessment rounds, and honest discussions about fit. We've kept roles open for months rather than compromise.

"The access to knowledge and talent is incomparable to other places — it really is a building filled with experts." — Culture Survey, Q3 2024

Default to trust

We default to trust because it's the right thing to do and allows us all to do the right thing — building, creating, innovating — delivering on our mission.

No timesheets. No sign-off processes. No micromanagement. You are trusted to manage your own time and priorities from day one, because the alternative — monitoring, approval chains, demonstrating your hours — is a signal of distrust, and distrust is corrosive.

But trust only works if people are genuinely safe to make mistakes.

Freedom to fail is not accidental here — it's something we actively protect. Bold experiments are celebrated, not punished. In our All Hands meetings, Swiggers share stories of when things went wrong as openly as when things went well. In 2025, over a third of All Hands presentations included a failure story and the lessons it produced.

"The freedom to fail we get is unlike any other place." — Culture Survey, Q3 2024

But freedom without structure isn't freedom — it's chaos.

Structure enables freedom. Real autonomy is intentional, not accidental. We give Swiggers genuine ownership — and we build the conditions that make it meaningful: clear goals, shared plans, and a delivery rhythm that means one person moving fast doesn't create chaos for everyone else. Autonomy without direction is just noise. Structure without trust is just control. Together, they're how things actually get done here.

That structure creates the conditions for accountability to be something people choose, not something imposed.

We hold each other to high standards. Accountability here isn't handed down from above; it's something people hold for themselves. Swiggers commit, deliver, and raise problems early rather than quietly, because that's how we respect each other's time and effort.

Doing this well relies on transparency. We work in the open. This is both the why and the what of how we work. Information is shared openly by default because visibility builds shared context and better decisions.

We believe we work better together — because it creates this visibility and accelerates our impact.

That is why we default to in-office working. Collaboration is central to both our performance and our wellbeing. Working in the same physical space enables spontaneous conversations, fast decisions, and stronger team relationships. It also helps us spot issues early, support each other naturally, and move with the trust and rhythm that high performance depends on.

We are a people first organization, where Swiggers are trusted to do the right thing. Treating Swiggers as whole humans creates the safety net that lets them use that agency. Psychological safety matters here and protecting it is essential, not nice to have. PortSwigger is its people, and we look after them.

That safety doesn't happen by accident and our culture doesn't maintain itself. That is why we're deliberate about how we grow it. We actively transmit what makes PortSwigger distinctive: through how we onboard, how we communicate, how leaders behave day to day.

Every Swigger, in every location, is a carrier of the culture. We don't leave that to chance.

Relentless learning

Purposeful learning sits at the heart of everything we do — it drives our personal development, our products, our mission, our appetite for change.

How we do that starts with every Swigger taking ownership of their development.

Development at PortSwigger is self-driven, coach-supported, and rooted in real work. Swiggers learn by doing, get help when they need it, and grow through feedback, mentoring, and everyday challenges. Roughly 70% of development comes from the work itself, not from programs. That's a deliberate bias toward immersion over instruction.

In practice

Professional development is as unique as the person pursuing it. High performance isn't about ticking boxes — it's about growing in the areas that matter most to you, with the support of coaches and the people around you.

"I wouldn't think twice about applying for PortSwigger again. The opportunities I've been exposed to and the calibre of people I've been able to learn from are above and beyond what I could ever have imagined going into a graduate role." — Culture Survey, Q3 2024

At PortSwigger we have a bias for action. We ship, learn, and improve — in that order. Getting something real in front of the people using our tools matters more than waiting until it's theoretically right. We iterate quickly, course-correct fast, and simplify by default.

But action without evidence is just activity.

We seek to make decisions informed by data, because curiosity without evidence is just intuition. We check assumptions and update our views when the evidence points another way. Whether you're launching a product, designing a process, or setting a team direction, "what does the data say?" is always a fair question.

Our bias for action is sharpened by leaning into tools that magnify our impact.

AI is part of how we work at PortSwigger. We embed it into daily workflows, onboarding, development, research, and decision-making as a genuine multiplier. When AI emerged as the most significant shift in how software is built and security is practiced, PortSwigger didn't wait to see what others did. We moved fast.

In practice

We give every Swigger access to just about every major AI tool — software engineers, the finance team, the workplace chefs, all of us. They're here as a genuine force multiplier: think faster, work better, go further. As new tools and techniques land, picking them up is part of the work, the same self-driven way we grow in everything else.

Adopting new tools is one expression of something deeper.

Change or die. Learning for us lives in a world where change is welcomed. Where disruption and challenge provide opportunities to learn. Where trialling a non-standard solution to a problem is not seen as a career limiting decision, but instead an unlock for innovation and creativity.

And change means thinking for ourselves — not watching what everyone else does. That instinct — don't follow the herd — is one of the six principles from our original The Unit Test.

The 'don't follow the herd' artwork — a stylised sheep illustration representing PortSwigger's sixth founding principle

The willingness to go where the evidence points, even when it's uncomfortable, only thrives when you feel genuinely safe to say what you actually think. That is why we believe that all Swiggers should be able to ask anything, fear-free. We protect a space where half-formed ideas are worth voicing, where admitting you don't know something isn't costly. There are no stupid questions, because asking them is how individual curiosity becomes collective knowledge.

The standard and the care

High Bar, High Care

High Bar, High Care sounds like two values in tension. It isn't. It's one coherent position.

High ambition without real support produces burnout. Real support without high ambition produces drift. PortSwigger holds both.

At PortSwigger we aim to win. We aim to be the best in the world at what we do — because the practitioners who trust our tools are doing consequential work, and they deserve nothing less. When a bug gets through to a customer, or a response is slower than it should be, someone cares — because we know who's on the other side and what they're trying to accomplish.

Our high ambition sets the standard every day: shipping things that genuinely surprise and delight; reviewing each other's work with the scrutiny we'd want applied to our own; holding the quality bar when it would be easier to let something through, striving to achieve your best not just "clear a ticket".

"This environment isn't for everyone, and some might find it challenging to thrive here. Personally, I love it — I get to work alongside the best of the best." — Culture Survey, Q1 2025

But our high bar can't be achieved in isolation. At PortSwigger care and performance aren't opposites — one is what makes the other possible.

We see them as Yin–Yang: high performance and high support. We work hard and aim high. We also hold each other with genuine care — checking in, keeping pressure healthy, building the psychological safety that makes honest feedback possible and bolder goals worth setting. The support at PortSwigger extends beyond the professional and into the personal — and that isn't incidental to how we perform; it's what makes high performance sustainable.

PortSwigger's yin and yang — a visual metaphor for High Bar, High Care

This sentiment extends to our workplaces. Our workspace experience sets the bar and shows care. Our offices are living expressions of our high standards and high support — environments where Swiggers can aim higher and that looks after them while they do so.

We recognize that holding to high standards is hard. So we design our internal system to make high performance easier. Our leaders lead by lifting others, they see their role as enabling others. Leadership here is shared, not status-based. We collaborate without ego, support each other to succeed, and help others grow beyond the role they were hired for.

"Just when someone's struggling, or someone needs help, the Swiggers here are always really supportive, and in meaningful ways. Almost shocking, how much it's present." — Culture Workshop, Q2 2026

Sometimes the bar is hard to reach. When someone is struggling to meet the bar, we name it — early, directly, and with genuine support behind the conversation. We try to find the path back to success together: a real conversation, a proper attempt, not a slow drift toward an outcome no one has named. That's a tension held honestly rather than smoothed over: we say so early when someone isn't meeting the standard, and we invest meaningfully in the attempt to change that.

In practice

The Immune System is the name we give to how we handle performance when it drifts — and the instinct is always support-first. Step in early, be clear about the gap, invest meaningfully in the person's improvement. Quarterly HPRs and Swigger Success Champions from the Culture team are part of the same joined-up approach.

Our cultural contract — the give and the get

Generous by default

Generosity at PortSwigger starts close. Swiggers are generous with each other — with their time, knowledge, support, and care — and the same instinct shapes how we show up for the people we build for.

One of the most visible expressions of that generosity is how we treat knowledge.

We see knowledge sharing through a force-for-good mindset. The Web Security Academy has been free since the day it launched, as has Community Edition of Burp Suite. The vulnerability research we publish goes straight back into the industry, openly and without restriction. These aren't marketing choices — they're expressions of a founding instinct: when knowledge moves freely, the bar rises for everyone.

That instinct runs through the organization. You can go to anyone at PortSwigger and ask a question. The response is an eager willingness to share. We share knowledge openly: what matters is what we can collectively learn and achieve with it, not where you sit in the structure.

"Even in the small gestures that every Swigger does every day — you can go to anyone and ask a question, and they don't turn around and go, like, I'm not gonna waste my time on you. There's an excitement, almost, to share knowledge and give people time." — Culture Workshop, Q2 2026

This same instinct drives how we treat customers.

Our customers are security practitioners doing work that matters — and we don't lose sight of that. We aim to surprise and delight, and the way we treat them isn't a customer service strategy; it's our culture applied outward. Being generous, doing the right thing, enabling people rather than extracting value from them. The anchor is always the mission: we're here to enable practitioners to do better security, not just to sell software.

And generosity applies inward too. When PortSwigger wins, we all win.

PortSwigger rewards generosity. Above-market pay and share options recognize individual contribution, promote fairness, and align our long-term success with the value we create together.

"Working at PortSwigger has changed my life for the better. I've had access to more opportunities than I could ever have asked for, developed skills I didn't know I needed, and been rewarded more generously than I ever imagined possible." — Culture Survey, Q1 2025

This generosity is also shared between Swiggers.

At PortSwigger, feedback is a gift. Giving and receiving feedback is part of how we help each other achieve the incredible. We give feedback thoughtfully, with care for the recipient. We receive it with openness and gratitude.

Our feedback culture only works because we leave egos at the door.

Swiggers act with humility. We don't shout the loudest or seek the spotlight. We focus on doing great work, sharing credit, and letting the impact speak for itself. This keeps us open to learning and centered on what really matters — delivering value for others.

That humility extends to our culture itself.

The actions of every Swigger matter. Protecting our culture requires us all to recognize what it is, live up to the challenge, and speak out when it's at risk. We pull together to protect our superpower.

The relational contract between PortSwigger and each Swigger is real. The organization genuinely takes care of you — not just professionally, but as a whole person. We protect time to recharge, support different personal commitments, and we don't measure contribution in hours. When something's hard, there's no form to fill in, no case number. There's a person whose job it is to listen and help you get what you need. As one Swigger put it: "it can be that personal."

In return, you genuinely take care of the mission. That means full presence when you are at work, real focus, and a genuine drive to make things excellent. Both sides of this are high standards — and the trust underlying the exchange is what makes it possible.

What it feels like to be here

Low ego, high engagement

The fun here is real, and it takes work. PortSwigger was born from a hobby, and that playful spirit hasn't left. The humor is real, and the banter is genuine. When work is genuinely fulfilling — when you're solving hard problems with people you respect, building something that practitioners genuinely rely on — that's what fun means here.

And the fun is richer because of who's in the room. We don't tolerate brilliant arseholes — we're kind, humble, and collaborative, and that makes work feel good.

We bring together people with different backgrounds, areas of expertise, and experience levels, because our differences make us stronger. That breadth of perspective is a strategic and human strength. Different viewpoints lead to better discussions, better decisions and, ultimately, better products.

That richness shows up most in how we spend time together.

Swiggers enjoy spending time together. Fun lives closest to the work — in teams, squads, and everyday interactions. It comes from the people who bring it, and from an environment that doesn't squeeze it out. Work should be fulfilling. If we're not enjoying the journey, we're doing something wrong.

But fun at work is only sustainable if the rest of life is looked after too.

We care about whole-person wellbeing, about people's lives beyond work. Protecting time to recharge, supporting different personal commitments. We measure contribution based on achievement not on hours. Regular overworking is not encouraged. Sustainability is the aim. At times achievement means going the extra mile, putting in those extra hours. But we do this in the knowledge that sustainability is not a nice to have, it's a core requirement. People do better work when they're not running on empty.

"When I joined PortSwigger it was like coming home to my family. I found my people. Individually, I am good at what I do. Together, we are great. The value of that is more significant to me than compensation, benefits, or free lunches. That's why people should come and work here." — Culture Survey, Q3 2024

"The culture at PortSwigger is incomparable to anywhere else — nowhere else has the same focus and determination to create, nurture and grow an environment that is fun, friendly and supportive while simultaneously being challenging, productive and meaningful." — Culture Survey, Q3 2024

The six principles from the wall in 2013 are still there. What you've just read is what they look like from the inside.

Reference

Glossary of principles.

A reference guide to the shared language used throughout this narrative.

Default to trust

Freedom with responsibility

Default to trust: Brilliant people doing brilliant work. Trust is the foundation for agency, collaboration, and innovation. We hire exceptional people and get out of their way.
Freedom to fail: Bold experiments are celebrated, not punished. Learning comes from doing and from getting things wrong in an environment where wrong isn't career-ending.
Structure enables freedom: Agency works best when everyone is pulling in the same direction. Clear goals, shared plans, and a delivery rhythm that lets individuals move fast without creating chaos for each other.
Accountability: Trust comes with clear ownership and the expectation of follow-through. High trust requires high reliability.
Transparency — work in the open: Information shared openly by default across teams, roles, and locations. The why as well as the what.
We work better together: Collaboration is central to both performance and wellbeing. Co-location enables the trust and rhythm that high performance depends on.
People first: Treating Swiggers as whole humans creates the safety net that lets them use their agency. Psychological safety is essential, not nice to have.
Deliberately building culture: Culture doesn't maintain itself. We actively transmit what makes PortSwigger distinctive — and we don't leave that to chance.

Relentless learning

Curiosity beats certainty

Own your development: Self-driven, coach-supported, rooted in real work. Swiggers grow through feedback, mentoring, and everyday challenges.
Bias for action: Pragmatic progress over theoretical perfection. Iterate quickly, learn by doing, simplify by default.
Decisions informed by data: Curiosity without evidence is just intuition. We measure what matters and update our views when the evidence points another way.
AI as part of how we work: AI embedded into daily workflows as a genuine multiplier — not a novelty, but a tool that makes thinking sharper.
Change or die: We embrace disruption before it finds us. Trialling a non-standard solution is an unlock for innovation, not a career risk.
Don't follow the herd: Decisions based on reason and evidence, not industry defaults. Original thinking is valued over standard playbooks.
Ask anything, fear-free: A blameless space where half-formed ideas are worth voicing and admitting you don't know something isn't costly.

High Bar, High Care

Ambition + support

Aim to win: We want to be the best in the world at what we do. Ambition is a daily practice, not a quarterly aspiration.
Long-term orientation: We play the long game, not the quarterly one. Quality today protects excellence tomorrow.
We lead by lifting others: Leadership is shared, not status-based. Our leaders see their role as enabling others to succeed and grow.
Yin–yang: high performance and high support: High ambition and genuine care are not in tension — they're one coherent position. Both are required to sustain high performance.
When the bar is hard to reach: Early honesty, a genuine attempt, and genuine support. If the path back doesn't exist, we part with respect and dignity.

Generous impact

Think beyond yourself

Open knowledge, force-for-good mindset: When knowledge moves freely, the bar rises for everyone. WSA, Community Edition, and our research are expressions of this instinct.
Delight customers: We aim to create products and experiences that customers love. Our value proposition should make the product an obvious choice.
Reward generously: Above-market pay and share options recognize individual contribution and align long-term success with the value we create together.
Feedback is a gift: Give thoughtfully. Receive with openness and gratitude, even when it's not the gift you were hoping for.
We act with humility: Great work, shared credit, impact speaks for itself. Keeps us open to learning and centered on what really matters.
We pull together to protect our superpower: Protecting our culture requires every Swigger to recognize it, live up to it, and speak out when it's at risk.

Fun is fundamental

If it stops being fun, rethink

Fun at PortSwigger is real — and it takes work: The playful spirit is present in how we approach problems, spend time together, and treat each other. It lives in the work, not in company programs.
Our differences make us stronger: Diversity of background, perspective, and experience is a strategic and human strength. Inclusion isn't an initiative — it's what makes the culture work at its best.
We enjoy spending time together: We don't tolerate brilliant arseholes. Authentic laughter beats contrived team-building. The relationships we build are what turn a good job into a great community.
Whole-person wellbeing: Achievement not hours. Sustainability is the aim. We work hard, but recognize that people do their best work when they're not running on empty.

You made it to the end.

Where to next?

Join Us Life Here