After you've bootstrapped your security...
Your sales people breeze through customer security requirements - delivering strong answers that close contracts faster than your competition.
Your engineers bake security and compliance requirements into their products without the need for expensive, specialized security experts - strong security becomes the rule, not the exception.
Your teams use security as a way to make your product and services more stable, robust and efficient - security isn't a sunk-cost, it's a net positive.
How it works
You send a team of five to our intense, single-day security workshop. There, they receive a crash course in building and maintaining security inside of fast-moving tech teams. They return with a prioritized go-forward plan to build out your security, comply with regulations, and meet even the strictest customer security requirements.
Register
Workshop Content
Strategic
• Principles of Security Architecture
• Threat Modeling & Risk Assessment
• Incident Prevention, Detection & Response
• Speedrunning Compliance Regimes
• Maintaining Your Defenses Over Time
Tactical
• Responding to Customer Security Requests
• Managing Penetration Tests & Audits
• Backup, Recovery, Secrets Management
• Securing Change Management Pipelines
• Implementing Your Security Plan
Your Team Returns With
The Best Security Policy Ever Written
Built and refined over seven years and tailored to your team. The policy has been crafted to impress your customers, appease your auditors and make your engineers say, "Huh, that's all perfectly reasonable".
Security Implementation Plan
Your team's custom-built go-forward plan for bootstrapping security inside your organization. Tasks are prioritized, distributed across the team, and can be implemented in dedicated sprints or worked in over time.
The Bootstrapper's Guide to Security
A collection of how-tos you and the rest of your company can reference as you build out your security. Includes templates for threat assessment, security profiles, business continuity & disaster response.
The Bootstrapping Security Community
Attendees are added to our private slack community and mailing list for all the teams who have taken the workshop. You're not alone. Share ideas, ask questions, get answers from your peers.
Testimonials
David Starr
Strategic Partnerships Manager
TruSTAR
TruSTAR
George’s knowledge has been instrumental to secure business and let our partners know they can trust us and our technology.
David Guaraglia
CTO
Virgo Surgical Video Solutions
Virgo Surgical Video Solutions
I used to think that security was something that could only be done by security people. This workshop changed that. Now we understand what our team needs to do and we're doing it.
Richard Arnold
Board Member & Advisor to Early Stage Technology Companies
George knows more about information system security than anyone I have met in all my travels around the industry.
FAQs
How large should our company be to make this worthwhile?
Customer security requirements and compliance regimes don't make exceptions for company size. If you're actively building a new product, then it will be worth your while. We've worked with companies as small as five people - starting early means that security becomes "just how we do things around here."
We have to meet compliance for SOC2 / HIPAA / GDPR / PCI, will this help?
Absolutely. The workshop's been built from the ground up to help build out the security program requirements that compliance systems require. As part of the workshop the team learns how to build out their core security controls, effectively convey that information to auditors and maintain the controls over time so re-audits are a breeze.
Which five people should attend the workshop?
Technical leadership and decision-makers, people with a thorough knowledge of how your product works and the authority to make changes that bake security into day-to-day operations. The workshop's designed to accomodate busy people - if someone needs to step out for a meeting or phone call, the rest of the group can cover for them (security is a team sport).
The one exception to the five-person rule: if your company has less than five people and you're so proactive about security that you want to attend - please contact us, we'd love to have you.
The one exception to the five-person rule: if your company has less than five people and you're so proactive about security that you want to attend - please contact us, we'd love to have you.
We can really do this without hiring security engineers?
There are aspects of computer security that are a specialized art - malware reverse engineering and exploit development for example - but that's not what your team needs. What your team needs is system lockdown, logging and alerting, account management, a secret service, the timely application of security updates, and backups that are verified and secure. Those actions all have way more in common with normal operations, infrastructure, and engineering tasks and your people are the ones with the institutional and technology expertise to make it happen.
I'm a board member, why should my companies spend their time on this?
Two of the most important questions to ask your teams: "How long is it taking to clear customer security reviews?" and "Are you lying to them?". For most companies, the answer is "weeks" and "yes". After the workshop the answers will be "minutes" and "no".
George Chamales
This workshop is the result of eighteen years of hands-on experience building security into companies ranging from five people to 50,000. To get here I've worked as a security engineer, security architect, programmer, dev/ops engineer, penetration tester, auditor and performed countless vulnerability assessments including security reviews of some of the largest, most complex critical infrastructure systems in the world.
All of those lessons, trials, errors, breakthroughs, experiments and refinements have led me to the conclusion that the most effective way to build maintainable security in fast-moving teams is to bring together the people responsible for those technologies, put them in charge of their own security, and give them a clear path to follow. This workshop is the path.
All of those lessons, trials, errors, breakthroughs, experiments and refinements have led me to the conclusion that the most effective way to build maintainable security in fast-moving teams is to bring together the people responsible for those technologies, put them in charge of their own security, and give them a clear path to follow. This workshop is the path.
Workshop Registration
We organize private, offsite workshops for each company we work with. Going offsite helps eliminate distractions and focus on the task of thinking through their security.
If you'd like to schedule a workshop contact us.
If you'd like to schedule a workshop contact us.
Get Workshop Updates