Developer Security Essentials

Workshops You Can Deliver Yourself,

to Help Developers Engage with Security

Most UK software development teams still use at most one security technique, and often none at all; even though their organisations are now liable for the huge costs of security breaches.

Security Essentials is a solution. It is a revolutionary half-day set of structured workshops that inspire and guide developers on security. Rather than security experts, it’s for Scrum Masters, consultants and trainers to deliver.

Based on five years of research at Lancaster University and UCL, the workshops have been trialled successfully in a dozen different organisations. They work. And we provide an open source version for anyone to use.

What are the Developer Security Essentials?

Developer Security Essentials are a package of three workshops that make security:

The package is proven to help software developers and product managers make better decisions about the security in the software they develop. The three workshops are:

An interactive game teaches that security is unthreatening and understandable;
An ideation-based threat assessment session uncovers the relevant security and privacy needs of the developers' projects;
And an analysis session makes security improvements saleable, by identifying business value for product management.

Any expert software facilitator can give the sessions; security expertise is not required.

You can contact us for services to support the workshop giving: ‘train the trainer’ sessions; short ‘before’ and ‘after’ questions for participants to help understanding and encourage by showing progress; and reminders for facilitators for follow-up

Why Should I Use Developer Security Essentials?

If you are a consultant:

Developer Security Essentials gives you a ‘security story’ – a means to start the development team on a journey towards pragmatic security and privacy in their software. Every project’s security needs are different; working with the developers, with the testers, with product owners and with all the other stakeholders provides a rich area for contributions by consultants whether internal to the company or external.

If you are in a development team:

A well-facilitated Developer Security Essentials is fun, effective, educational and game-changing for participants. It offers a practical and positive approach to security and privacy. You and your team will have fun and learn a lot.

If you are a product manager:

Customers and management are now beginning to demand Security and Privacy as part of the software. But what should you build? This workshop establishes an approach and way of talking with the technical teams to make good, business-focussed, decisions about software security and privacy development

How Do I Lead a Developer Security Essentials Session?

Contact us for free instructions and materials.