Development Team Security Teardown $995NZ + GST

There are often many issues with any given Development Teams process, such as the following points:

  • The way the individuals communicate
  • Obstacles that slow the Team down unnecessarily
  • Waiting on information and decisions from people outside of the team
  • Team members getting asked to do tasks not on the critical path
  • Lack of autonomy
  • lack of necessary skills and knowledge to create robust, scalable, extensible, maintainable, and secure systems
  • High level of multi-tasking
  • Low morale due to many issues
  • Many others

Similarly there can be many technical issues that negatively affect the rapid development of the type of software solution you are trying to get to market, such as:

  • High defect counts
  • Code tightly coupled and hard to extend
  • Interfaces, encapsulation and abstractions breaking down
  • Lack of test coverage, and in some cases too much test coverage in the wrong areas, and even the wrong types of tests
  • Not knowing where and how to start in terms of improving your information security stature

As Software Developers, often we can’t even see the faults in front of us. Sometimes it’s just a matter of not wanting to rock the boat.

Imagine Being Able To See What You Could Never See Before

This is where a second pair of eyes with the knowledge and experience of working with and mentoring many high performance, security focussed Development Teams, can really provide the visibility you’ve been looking for to make the best decisions.

Kim’s ability to sit within a Development Team for a short period of time, intuitively working with your key stake holders, discussing in brutal honesty where the lowest hanging fruit is in terms of items that are slowing your Team(s) down, and stopping them from reaching their maximum performance and effectiveness has proven immensely valuable to many organisations.

We will provide you with the visibility and actionable items you need in order to make the positive changes your Development Team(s) need.

This is not a road map, but will provide you with the visibility and quick tips you need in order to make the most important changes quickly. We can help create a road map for you if you need additional detail and direction.

Give Your Development Teams The Leading Edge

This service provides a teardown of either one of the following. There will be some cross-over between the two options, but this engagement is only for one of the following two options:

  • Your Development Team’s process and practises.

    If we are performing teardown on the process and practises, it will be focussed primarily on the people involved and how they do what they do

  • Your chosen software project you are currently developing and/or maintaining, reviewing.

    If performing the project based teardown, the work will be mostly of a technical nature

Here’s How It Works

If the area of focus is on your Development Team’s process and practises,
Kim will visit your site in person or work with you remotely. We will review the target Development Team and supporting personnel, their process and practises, and how they interact with each other. We will look at how they are performing, document and discuss potential areas for improvement, as well as their areas of strength. We will capitalise on the Teams strengths, and create actionable work items to improve the Teams weak areas and further leverage the Teams strengths.

If the area of focus is on your chosen software project,
Similarly Kim will visit your site or work with you remotely, reviewing as many of the following artefacts that you can make available as possible, document and discuss potential issues, improvements, and areas where the system is in good shape that can be further capitalised on:

  • Build Pipeline / Supply Chain
  • Test Suites (Unit, Integration, Behavioural)
  • Coding Standards, etc

If working remotely, Kim can video or take annotated screen shots of potential issues and provide guidance on how to improve.

Each member of the Development Team will receive free copies of the first two parts of Kim’s book series “Holistic Info-Sec for Web Developers” (weighing in at approximately 700 pages) which much of Kim’s knowledge and experience has been distilled into. this will serve as an invaluable ongoing self learning, and reference resource to help keep the Team on Track.

If you’re ready to lift your Development Teams game and give them the edge they need…

Reserve Your Consultation

Currently we have availability for select new clients.

Reserve Your Confidential Consultation

Money-Back Guarantee!

We are so sure we can provide the high quality advice you would expect, that we offer a money back guarantee. If at the end of the engagement, you feel that you have not gotten your money’s worth, just let us know and we will refund your payment.

Review our Portfolio and Testimonials for some of the teams we have helped reduce costs, security defects, and improve code quality, process and practises by providing consulting services.

What our customers are saying

Andrew Balfour

Owner/Managing Director, Solvam Corporation Ltd

Kim Carter was engaged on a contract basis to implement and guide our future software development for School-links.

In doing that he -

  • Brought to our product a much higher level of expertise and capability complementing our development team
  • Directed a disciplined and methodical software development process as the Scrum Master of ‘Scrum’
  • Helped with the restructuring and planning of our infrastructure in order to scale the product successfully
  • Brings security expertise at a high level with the ability to implement ongoing security hardening program and audits
  • Introduced the Scrum process which provided more consistent and accurate release cycles enabling our marketing efforts to be better coordinated and focused

Kim is a good team member and we will look to reengage with his services when required.

Stefan Streichsbier

Numisec Pte. Ltd

I’ve met Kim at DevSecCon Singapore in 2017 where he gave a well-received workshop. A few months later we had a project where his top-notch strong Node.js security code review skills were required and this gave us the chance to work together closely.

Over a 2 week period he was doing security code reviews of containerized Node.js microservices in a very thorough way. We communicated well and progressed quickly. Kim has a very broad yet deep understanding of modern application security that comes from years of experience. I can recommend Kim to anyone who needs an application security expert and wants a professional second opinion on the security posture of an application.

Kim has had the unique opportunity to work in both defensive (development) and offensive (penetration testing) teams, across many domains, for a large number of years. This has produced a deep understanding of what Development Team(s) need in order to help you create solutions that will effectively resist attacks from your adversaries.

Kim’s experience within Development Teams is exhibited frequently at conference talks, workshops, podcasts that he hosts, and distilled in the books he writes.

The following presentation Kim gave at BSides Wellington was around the additional process and practises that he advocates Development Teams embrace and make part of their culture.

Chapter four of the first part of the Holistic Info-Sec for Web Developers book series addresses process and practises for Software Developers based on the learnings of the attackers.

You owe it to your Development Teams to give them the edge they need to produce the software solutions you require. Don’t put it off any longer…

Reserve Your Consultation

Currently we have availability for select new clients.

Reserve Your Confidential Consultation

Kim only has availability for a few of these engagements per month. Scheduling is first come, first served, so the sooner you book your consultation, the sooner your Development Team will be able to really start performing.