Evaluation of SDLC security: tools, people, process

• Evaluation of coverage along SDLC stages and across products and organizations

• Tool effectiveness in detection and alerting: false positives and negatives

• Security and development team mitigation capabilities, trends and metrics

• Identification of gaps in people, technology and process, new tool evaluation criteria

• Creation of standards and policies as needed

  Cloud and network security evaluation

• Evaluation of security for cloud accounts, resources, and deployments

• Evaluation of tool effectiveness, identify gaps, create processes

  Infrastructure security evaluation

• Evaluation of end to end security for infrastructures delivering products and services

• API, microservices, servers, devices, vehicles, wireless and wired networks

• Recommendations, designs for mitigation of vulnerabilities and design shortcomings

  Incident response planning and preparation

• Creation of incident response plan documentation and table top exercises