Sometimes you just need an experienced, security-focused developer to come in and get work done. We love writing code. Whether it's a small feature in a larger project, a small standalone project, or a longer-term engagement, we can dive right in.
Integrating Security Into Development Process
From setting up signed commits, code scanning that isn't awful, dependency vulnerability management, and secrets management to other shift-left activities, we don't just document potential improvements; we help your development team integrate them into their workflow in a way that minimizes disruption while maximizing the security gain.
Addressing Identified Vulnerabilities
Identified security vulnerabilities but don't know what to do next? We can help. We can write proof-of-concept exploits so you can prove the issue is actually fixed, design and implement the right fix, and help with every other step, from update rollout to public disclosure.
Planning, Coaching, & Consulting
We can come in, document a plan of attack, and leave that plan for your team to execute. We can mentor more junior security teams, or great developers who don't have much experience with security topics. We can also simply be a resource to answer questions on obscure topics, or to jam on whiteboard sessions that help a team validate that they are headed in the right direction.
Technologies We Love
- Virtualization & Cloud
  - whether you are implementing virtual machines, containers, or FaaS, or just using them, there are a lot of security considerations you don't want to skip
- Embedded Security
  - embedded may be small, but it's complex; we can help lock it down
- Mandatory Access Controls
  - AppArmor or SELinux; you can leave the policy writing to us
- Application Self-Protection
  - seccomp, privileges, access controls, encryption, measurement, data sanitization, and more; your app never felt so secure
- Android
  - customizing AOSP or building a Play Store app; we've been there
- Linux
  - "hello world" to kernel modules; our love of Linux runs deep
- x86, ARM, PowerPC
  - we love all architectures; even RISC-V
Referrals & Coordination
If we aren't the experts in an area you need, we can refer you to the right experts. We can also coordinate with your own internal security teams, or be the coordination point for other security subcontractors.
These are services we don't provide directly:
- Windows, AIX, Solaris, HP-UX, z/OS, COBOL, and Ada development
- Compliance auditing for SOC 2, FIPS, Common Criteria, HIPAA, PCI, STIG, or other security standards
- Penetration Testing