Security Services

Architecture Review

In an architecture review, we help our client to think about the security of their overall architecture – producing a roadmap of items to make it awesome.  For more information, we have a dedicated services page on architecture reviews.

Code Review

In the context of an application, one of our favorite things to do is read code and search for issues.  Code review engagements are effective at finding issues that other tool and testing based techniques often miss, and they have the advantage that findings identified can be paired with recommended fixes.  For more info on check the code review service page.

General Services

Security Strategy

We help clients plan, budget and prioritize for security across their portfolio of services. This includes governance, compliance and application security.

Virtual CISO

Many small companies and tech startups cannot afford to hire a CISO but are concerned about governance, compliance and other security issues. A Virtual CISO can step in to fill the gap and help secure your company. We have a special focus upon FinTechs, EdTechs & HealthTechs.

Penetration Testing (Pen Testing)

We run Pen Tests for companies of all sizes to uncover vulnerabilities in their web applications.

Application Security


We believe app security is a natural extension of software development. For many app security related tasks, the security part is almost an edge case or extension of the core software responsibility. We offer secure coding classes for your development team, and we can deliver them at your facility. These classes can be customized to your actual development process and focus on the language and tools used by your team. Our focus will be on how to embed security into your development process.


We have the security, development and implementation expertise to enable firms to deliver more secure software. With our help, our clients overcome the challenges to delivering secure software and to meeting industry security best practices.  

We’ll work closely with your Security and Development teams to continually and incrementally embed security into your current development process.

We take a layered approach to security and will work with your staff to embed security into all aspects of the development process. We have a tried & true approach to engaging with your development teams, and we have a plan template we can adapt to your organization. With your teams, we’ll create & execute on a plan that incrementally layers your defenses, so apps continually become more secure.

Your current development process will be our starting point. We’ll begin by embedding security into tasks developers already perform, using tools they already use.


Building on OWASP Glue, and other custom work, we help automate security in CI/CD.

Security Engineering

In addition to our consulting, we can also develop custom software components for security for your company and help automate security within developers pipelines.

Agile Governance

Our security experts provide governance and compliance to clients that are concerned about HIPPA, PCI, FERPA, SOC, Privacy Shield, GDPR and SOX and other standards and regulations.  

With our Virtual CISO offering listed above, we have a specialized offering designed to meet the needs of smaller firms and tech. startups.