Advisory | Retail | Client Story

Security assessments performed for 20 customer applications, 50 physical retail stores and 12 business lines

A major telecommunications and media company engaged Security Compass’s expertise to help execute an extensive security assessment across 20 customer applications, 50 physical retail stores and 12 business lines - all to be completed within 5 weeks. No problem.

North America
Retail, Technology

Practice Areas
  • Application Security Baseline and Framework Development
  • Physical Security
  • Phishing Simulation
  • Network Security Assessment
  • Configuration Review
  • Web Application Security Assessment

Our Client’s Challenge:

  • A need to raise the profile of cyber security to the management board and to demonstrate the strategic value of building a security program across the organization.
  • An urgent requirement to scale the assessments quickly and complete 240 person-days of work within 5 weeks. The Client sought a partner who could help execute a suite of assessments covering over 20 customer web applications across 12 business lines and 50 physical retail stores that served over 5,000 customers per day, with minimal impact during the holiday season.
  • The Client was uncertain how internal teams would perceive the security testing, as the Client had never performed such a large-scale assessment. They were looking for an experienced team who could help accomplish this feat with limited time.

Our Approach:

  • Security Compass developed a close partnership with our Client’s business lines and technical security teams to ensure that the security assessments would meet the needs of all stakeholders.
  • We helped our Client communicate the goal of the security program and the assessment objectives to numerous business stakeholders across the organization. This built a case that helped the business understand the risks and our Client’s security goals, while remaining sensitive to the perception and communication strategy required to gain buy-in.
  • Specific assessments performed included:
    • Social engineering
    • Web application assessments
    • Device reviews
    • Infrastructure and network assessments

The Result:

  • Security Compass helped our Client complete all 240 person-days of work within 5 working weeks. We helped our Client meet tight timelines and ensured that strategic recommendations could be reported up to their management board in time for the Client’s next board meeting.
  • We helped our Client build a business case for stronger IT security within the enterprise and opened the eyes of business stakeholders to security risks.
  • We were able to communicate the value of penetration testing and security assessments for our Client, which could be leveraged to set a baseline for future strategic improvements and management reporting.

Our Advisory services team has more than a decade of experience focused on Application Security. We take a flexible approach to your strategic security problems.

Whether you are a global enterprise looking for advice on security strategy and governance, a major financial institution seeking support on regulatory compliance and penetration testing activities, or a startup looking for high-quality assessments to give customers assurance for your business, we're here for you.

Our credentialed professionals are experts in how to break applications and fix code, who take pride in helping you succeed in your Secure SDLC and Secure DevOps programs. Contact us today to learn how we can help solve your organization’s application security challenges.