Workshops You Can Deliver Yourself,
to Help Developers Engage with Security
Most UK software development teams still use at most one security technique, and often none at all; even though their organisations are now liable for the huge costs of security breaches.
Security Essentials is a solution. It is a revolutionary half-day set of structured workshops that inspire and guide developers on security. Rather than security experts, it’s for Scrum Masters, consultants and trainers to deliver.
Based on five years of research at Lancaster University and UCL, the workshops have been trialled successfully in a dozen different organisations. They work. And we provide an open source version for anyone to use.
Developer Security Essentials are a package of three workshops that make security:
The package is proven to help software developers and product managers make better decisions about the security in the software they develop. The three workshops are:
Any expert software facilitator can give the sessions; security expertise is not required.
You can contact us for services to support the workshop giving: ‘train the trainer’ sessions; short ‘before’ and ‘after’ questions for participants to help understanding and encourage by showing progress; and reminders for facilitators for follow-up
If you are a consultant:
Developer Security Essentials gives you a ‘security story’ – a means to start the development team on a journey towards pragmatic security and privacy in their software. Every project’s security needs are different; working with the developers, with the testers, with product owners and with all the other stakeholders provides a rich area for contributions by consultants whether internal to the company or external.
If you are in a development team:
A well-facilitated Developer Security Essentials is fun, effective, educational and game-changing for participants. It offers a practical and positive approach to security and privacy. You and your team will have fun and learn a lot.
If you are a product manager:
Customers and management are now beginning to demand Security and Privacy as part of the software. But what should you build? This workshop establishes an approach and way of talking with the technical teams to make good, business-focussed, decisions about software security and privacy development