Advisory Services


Application Security Advisory

Application Security Baseline and Framework Development

Let Security Compass help build upon your current SDLC, application risk profile, tools, and risk management processes to create a secure SDLC framework for your enterprise. Our framework is flexible enough to help you get a hold of your application’s security requirements and verification needs, including DAST, SAST, third-party verification, penetration testing and remediation in your preferred ALM tool.

Let us advise on policies, procedures, and application onboarding activities that can best fit your secure SDLC needs, whatever stage you’re in today. Our Consultants can advise on each stage of the secure SDLC, helping educate your teams, train your developers, work with vendors to integrate your tools, and provide expertise towards remediation efforts across your entire portfolio of applications.

Leverage this data to build an AppSec risk baseline of all your applications, allowing you to consolidate all your AppSec activities and easily report risk up to management and the board.

Application Risk Profiling

We work with you to identify known and unknown applications, building a profile of assets that may put your enterprise at risk if left unchecked. We prioritize the applications based on criteria such as business function, data sensitivity, exposure and more. Each application is assessed by priority, using the profile to inform the focus for each assessment, helping you understand the nature of each application in addition to risk level and vulnerabilities.

The result is an understanding of your risk exposure across all applications, allowing you to take action on short term remediation, or develop a secure SDLC framework around these assets for the long term.

Agile Security Advisory

We work with your security and development leads to understand your agile development methodology and use of continuous integration tools. We recommend and help pilot security activities that can be integrated into existing agile SDLC processes, partnering with your teams to ensure that your staff can continue to build at speed with security in mind.

Software Development Life Cycle (SDLC) Gap Analysis and Best Practices

An SDLC gap analysis is a thorough investigation of your application development framework and environment. We evaluate the strengths and gaps associated with your SDLC program, your program’s level of maturity compared to industry standards, and your organizational risk profile. Our goal is to generate an SDLC roadmap with recommendations for short-term, medium-term and long-term improvements over 2-3 years.

Secure Development Standards

We work with your organization’s business stakeholders and developers to collect business drivers, assemble profiles of existing applications, and draft a reusable set of secure development standards that are tailored to your organization’s application needs.

Periodic Security Assessments and Delta Analysis

We partner with your team to identify strategic business goals and work together to determine what types of security assessments would benefit your needs the most. Our managed security assessments provide an expert touch to periodic vulnerability assessments and penetration tests. Our consultants work with you to focus our weekly, monthly, or quarterly scan results in a way that meets business needs and integrates seamlessly with your team’s existing processes.

Security Program Management and Execution

Focus more on strategy and less on the tactical execution of your security assessments. Security Compass can help you manage your security program needs. Our team of Consultants and Project Managers works with you to directly interface with your application business units, raise awareness of your security testing goals, work with your application teams on technical requirements, and execute assessments and vulnerability read-outs.

We ensure your application owners understand their action items and critical issues, and we help facilitate remediation. This allows you to focus more on overall strategy, risk management needs and reporting to upper management.

Training and Education Advisory

Security Champion and Centre of Excellence (CoE) Program

We have expertise in developing and rolling out Centre of Excellence (CoE) Programs within large organizations. A CoE promotes one individual as a security champion within each relevant business unit. That individual becomes the local expert for software security within that unit, champions security issues for the unit, and becomes corporate security’s liaison to that business unit. We provide education and training for these security champions on application security best practices so they are knowledgeable, keen, and ready to take on the role of a security champion.

A CoE program is a powerful way to help promote communication between business units and the security team, enabling complete, efficient and standardized security testing across the organization.

See this brochure for more information about our Software Security Champions Program.

Phishing and Employee Awareness Campaigns

Employees can be a major weakness in enterprise security. We can design custom phishing simulations to help you identify security awareness gaps within targeted business units, regions, or across the entire organization. Rather than running only once, the phishing simulation is repeated on a periodic basis, so that you can measure your improvements over time. We can also leverage various avenues of phishing such as spear phishing, malware, click tracking and more, allowing you to target your audience. This allows you to measure the effectiveness of your controls and changes made to your awareness programs, helping provide management with insight into the overall effectiveness of your security awareness program.

Contact Us

You’re different, and we know it.

We are your guide to planning, assessing, and helping you build secure information systems to keep your business productive.

Contact us to find out how we can help you.
