Developer Security Essentials


Workshops you can deliver yourself, 

to help developers and product owners make the right security decisions.

Development teams and product owners have many decisions to make about how much security to introduce into their products and services. So far, security training has paid little attention to this.


We offer Developer Security Essentials for use by software consultants and leaders. It’s a revolutionary education package, proved in a dozen organisations, to teach everyone in software development how to make security decisions.


What are Developer Security Essentials?

 Developer Security Essentials are a package of three workshops taking less than a day. Rather than using classroom-style teaching, the participants learn for themselves, by applying structured workshops to their own projects.


The workshops follow the classic double-diamond ‘design process’. First, there’s a game where participants learn about prioritising security; then they brainstorm the security and privacy needs of their own projects; then they choose the most important; then they work out how best to describe those needs and discuss them with product management and customers.


Finally, we’re also producing a system of questionnaires to measure what a team knows and does about security, both before and after the workshops.


Why should I use Developer Security Essentials?

If you are a consultant:         


Developer Security Essentials gives you a ‘security story’ – a means to start the development team on a journey towards pragmatic security and privacy in their software.   Every project’s security needs are different; working with the developers, with the testers, with product owners and with all the other stakeholders provides a rich area for contributions by consultants whether internal to the company or external.


If you are in a development team:


A well-facilitated Developer Security Essentials is fun, effective, educational and game-changing for professional software developers, whether programmers, QA, usability experts or any of the many other  development roles. It offers a practical and positive approach to security and privacy; indeed developers at a workshop at ACCU 2021 gave us unanimous 'excellent' scores! You and your team will have fun and learn a lot. 


If you are a product manager:


Customers and management are now beginning to demand Security and Privacy as part of the software. But what should you build? This workshop establishes an approach and way of talking with the technical teams to make good, business-focussed, decisions about software security and privacy development

How do I lead a Developer Security Essentials session?

The materials for both the face-to-face workshops and the online workshops are free to download:

Sign up here for the next train-the-trainer session, an inexpensive, interactive  session in which you'll learn how to deliver them: