Software Assurance Business

Improvement Results

Application Assessments Performed Annually

Total Time in Months to Design & Implement

Annual Sustainment Costs

Army Medal Awarded

Average Unique Vulnerabilities Identified Monthly

Challenge

The client requested help with figuring out the best method to assess web applications.

The client was a Cyber Security Service Provider. They hosted many web servers across their customers' footprint.

The client wanted to ensure that all the web apps were secure before integrating them.

The client also worked with many different development teams that built web applications.

With no real mechanism for assessing web applications, this gap was huge.

The recommendation was to design and integrate a holistic Software Assurance Business.

Context / Action

We designed and developed a Software Assurance (SwA) Business.

The new mission was to assess all web applications that are coming to the datacenter.

The industry definition of Software Assurance is as follows:

To provide the level of confidence that software functions as intended…

And is free of vulnerabilities…

And that’s checked throughout the Software Development Life Cycle (SDLC).

At the time of design, there was no worldwide policy that mandated this capability.

The client leveraged policies, guides, regulations, directives and other forms of documentation…

To determine how to run IT & Cybersecurity operations.

So our telling them they had to do this… broke the mold and laid the road for proactive security.

Because of this flaw… the client missed identifying software vulnerabilities in web apps.

The services involved the following:

  • Assessing web apps in production;
  • Assessing web apps in development & staging;
  • Dynamic analysis;
  • Static analysis of source code;
  • And training for developers.

This spanned not only the assessment of web applications but mobile applications as well.

Providing developer training was a big effort for delivering these cutting-edge services.

Not only did we have to educate and train developers but also administrators, project managers, engineers, system owners, Information Assurance, and other leadership…

Thus we not only provided on-the-spot training but also developed a monthly battle rhythm. Group training in this environment was key.

As an added bonus, we implemented Threat Modeling too.

Threat modeling is a technique used to tear apart web apps logically.

It maps the attack surface and identifies the impact and likelihood of the attack.

Threat modeling was only done on huge apps with tons of functionalities… like the Amazon web app.

As you can imagine… marketing something no one had ever seen before was a challenge…

Thus, we leveraged traditional marketing and digital marketing techniques to do so.

For traditional marketing we used flyers and posters with cool graphics to grab attention… and bring awareness.

These were littered throughout the buildings and common areas.

For Digital Marketing we used Email Marketing, Content Marketing and Social Media Marketing.

We also recorded videos of walkthroughs and case studies that people really resonated with.

In the end, it was a huge success. The client received a 3 million dollar budget to sustain the business. 

About Carlos E. Cruz

Carlos worked at the Pentagon as their Security Architect & Hacker for 5 years. He was a top level Government Executive working for the Department of Defense (DoD) as a Government Civilian GS-15, which is the highest ranking Government Official before Senior Executive Service (SES). Carlos hand-built and implemented over 12 Enterprise-level Cyber programs, which equates to building 12+ businesses in the Private Sector. Combined, he managed over 100 million in Government programs over his tenure.
