A strong security program begins with building security in at the ground level. However, with a projected shortage of 3 million cybersecurity professionals, getting the right resources to build security in can be a daunting task.

One way to close this gap is to provide security education to your organization through targeted training to increase your organization’s security awareness and knowledge. Considering that security is everyone’s responsibility, the education does not have to be just for technical staff. In most organizations, both technical and non-technical staff are exposed to information technology systems. Exposure to these systems means exposure to cybersecurity-related threats.

Securely Built can provide the training that your organization needs to build a security mindset. We can provide training for your product development team to build more robust security into your products. We can train your non-technical staff on how to be more security aware and reduce their exposure to security attacks like phishing and social engineering. We can provide awareness training to your executive staff so that they are able to take security into consideration when making decisions.

When education is not enough, we can help you develop a security program in your organization that is backed by real-world experience and industry standards. We can provide guidance on how to benchmark your current security posture and create a path toward increasing your security footing. We take into consideration the rules and regulations that are specific to your industry and make sure that you are working towards a sustainable security posture. We will provide a program that helps you build security into your product from the start, when it can be done more efficiently.

With an expanding digital landscape and with increasingly sophisticated attackers, security can no longer be an afterthought. But you don’t need to take this journey alone. Securely Built is here to help.

Download our latest education catalog

For more information on how Securely Built can help you, contact us at: contact@securelybuilt.com

Securely Built offers several security services to help bring security to your organization.

Security Education Services

Technical Training

Securely Built can provide education to development teams as well as more general education for a non-technical audience. The education can be tailored to the development team's level of expertise, with topics ranging from threat modeling, secure design concepts, secure code reviews, vulnerability testing and more. Securely Built has designed a curriculum that teaches developers concepts around secure software development including:
  1. Confidentiality, Integrity, Availability
  2. Introduction to the OWASP Top 10
  3. Encryption best practices
  4. Identity and Access Management (IAM)
  5. Threat Modeling and Risk Rating
  6. Using security testing tools in the SDLC
Securely Built can also tailor your education needs by customizing the training to target your specific business.

Non-Technical Training

For the non-technical audience, education can include current security topics, how to protect yourself on the internet, how to prevent phishing, how to spot an attack and more. The education is designed for audiences of all technical levels and can be used to meet general security awareness training compliance. This training includes the following:
  1. Anatomy of a Cyber-Attack
  2. Data Security & Privacy
  3. Privileged Access & Least Privilege
  4. Phishing & Social Engineering attacks

Security Talks

Have Securely Built come give a talk at your next conference or an on-premise talk at your company location. Talks can be tailored to your industry and subject matter. In each talk, Securely Built relies on years of real-world experience in engineering and security to present you with the industry's current challenges around security as well as the best practices to be better prepared to handle these challenges.

Secure SDLC (Software Development Life-Cycle) Services

Risk Assessment

Building a Secure SDLC Program

Defining a Secure SDLC can be a daunting task. With the various models and frameworks that are available, it can be difficult to understand which ones can work in your environment. Securely Built has experience in developing a Secure SDLC program using industry standards and well-known processes and frameworks. By reviewing your current development practices and pipelines, Securely Built will provide guidance on ensuring that your development team has created a more secure posture.

Starting with the design phase and continuing through deployment, Securely Built will help with the creation of secure development requirements, a maturity model that fits your organization, security testing and developing an operating model that maintains security throughout the development pipeline and supply chain.

Security Maturity Model

Securely Built can help your business build a maturity model that provides you with a path to more secure development. With a maturity model, you will be equipped with the means to measure your current security posture and determine the best path forward to increase your security.

Threat Modeling

Threat modeling can be achieved in two ways. The first and arguably the best method is to gather with the development team and diagram the architecture. During this activity the various components of the application will be identified including external connections. Threats and risk will be identified using the threat classification model STRIDE.

An alternative method to threat modeling is the use of a tool like Microsoft Threat Modeling Tool that can be used to diagram your architecture and create a list of potential threats following the threat classification model STRIDE.

In either case, Securely Built can assist with the creation of the threat model, identification of the threats, recommendation on the remediations and possible courses of action.

Application Scanning

Scanning of the code and application can occur at several stages and can include multiple tools working in concert to provide a complete picture of the software vulnerabilities. There are many tools that can be used. They can be open source tools that provide some visibility into the possible vulnerabilities, as well as commercial tools that can provide more robust output. Securely Built can aid in choosing which tools are appropriate for a given application and how to configure them and return meaningful metrics.

Experience

Over twenty years of experience in the engineering field in both hardware and software engineering, including several years working in the security field driving security projects at the enterprise level. This entails providing security education, performing threat models, security and risk assessments, vulnerability management, driving adoption of security analysis tools, writing security requirements, guidelines and standards as well as working with teams to ensure the security processes are understood and followed. With a firm understanding of what security controls and policies work in various architectures throughout the development life-cycle, let Securely Built bring security to your organization. (See the full profile)

Education and Certifications

MS in CIS with a concentration in Cyber Security from Boston University.
ISC² certifications: CISSP & CSSLP

Memberships

OWASP Member
ISC² Member
Center for Cyber Safety and Education - Authorized Volunteer

Presentations

OWASP AppSec USA 2017
The 'S' in IoT is for Security

Publication

HFMA Article

Blog