When organisations undertake any form of change, there is a potential to add new risks to the equation. This is particularly true, from a cyber security perspective, when there is development of new systems or changes to systems and infrastructure. Root cause analysis of many of our penetration testing projects often point to this as a key risk. Building security into the project lifecycle has often been a challenge; security is often seen as a blocker and running contrary to project goals and timelines. This is particularly acute in environments where speed to market is a critical competitive advantage. This can lead to building projects with significant security flaws. As organisations move away from traditional waterfall development toward agile and DevOps approaches, the role of security becomes even more important.
Our approach to ‘Secure by Design’ is focused on making security relevant to the process and building security champions within the development community; this reflects our view on the personal effectiveness of security professionals in challenging risk and working in partnership with the broader business. In particular, we help clients by: