Agile Security Testing Assessment

 

Our Agile Security Testing Assessment evaluates program activities and documentation to identify areas for improvement. The focus is cybersecurity testing within agile software development and cloud computing deployments.

The assessment's foundation is DoD DevSecOps, AWS and Azure documentation. Remaining practices have been developed by Gideon Rasmussen based on 20+ years of cybersecurity experience within corporate and military organizations.

Areas of focus include:

  • Methodology
    		•
  • Automation
    		•
  • Inject and Integrate
    		•
  • Oversight
    		•
  • Vulnerability Scanning
    		•
  • Penetration Testing
    		•
  • Root Cause Mitigation
    		•
  • Partnership
    		•
  • Metrics
    		•
  • Influence
    		•
  • Program Scope
    		•
  • Alternate Duties
    		•
  • Change Management
    		•
  • Tools
    		•
  • Future Assessments
    		•
  • Cybersecurity Program
    		•
  • Reporting Integration
    		•
  • Staffing
    		•
Assessment activities consist of: [1] observation of controls, [2] documentation and artifact review and [3] interviews of management and staff. The assessment is conducted by phone and screen share.

Deliverables include an assessment report and a slide deck presented to executive leadership.

Fees and Payment

The assessment is billed at a flat rate. The engagement begins once the Statement of Work and Contract are signed and upon receipt of the first of three equal payments.

Phase Milestone Amount
1 SOW and Contract Execution 1/3 payment
2 First Assessment Interview 1/3 payment
3 Delivery of Draft Report 1/3 payment

Next Steps

Each engagement can be customized to meet the needs of the client. The first step in the process is to have a conference call to discuss requirements.

Recommendation

"We engaged Gideon to perform an assessment of our penetration testing program. After a thorough review, he was able to make recommendations that would further assist in an already mature program. His knowledge and years associated within the security industry provide for him to see the “big picture” and provide guidance and assistance in getting to the ultimate goal."

Assessment Options

Custom assessments may be conducted based on the needs of the client. Here are examples:

Assessments
Application Security (DevSecOps) Vendors and Service Providers Cybersecurity Program Ransomware
Business Process Risk Incident Response Line of Business Risk FMEA Process Risk
Security Operations Center (SOC) Fraud Prevention Insider Threat Security Awareness Program
Mergers and Acquisitions Infrastructure Security Zero Trust Security Model Threat Landscape and Controls
Cyber Exercise Program Penetration Test Program Cybersecurity Function Agile Security Testing

This service offering description provides an overview for informational purposes only. The Statement of Work and the Master Services Agreement are the official documents for each assessment engagement.