Why is building a Secure Product so hard?
It doesn’t have to be.
Find Security Peace of Mind
We analyze
your situation
We create a
playbook for you
We help you execute
on the Playbook
Stop losing sleep
We know it's hard enough trying to win in the market without having to constantly watch your back
Fight Fear
We've been there. We have guided a variety of organizations and worked through tough challenges. So we know how to reduce your risk.
Lack of qualified resources?
Stop wasting OPEX on unused, misconfigured, or poorly chosen infrastructure by engaging our experienced team. We can help guide your team through the playbook to reduce your risk.
Devious Plan is a boutique security consultancy guiding development teams on their security journey through Security Architecture, Threat Modelling, Securing the public cloud, Security Training, and Penetration Testing. Specializing in supporting development organizations wishing designers, builders, and breakers to help them on their security path.
We enjoy crafting solutions to interesting and tough problems through architecture, threat modelling, mitigation design, and penetration testing. Researching new ideas, troubleshooting, communication, and thinking of six impossible things before breakfast make us tick.
All our services under one roof
DEVIOUS PLAN SERVICES
Security Architecture
Our experience in systematic security control design and implementation protects your organization's information, assets, and resources from evolving threats.
Cloud Security
Devious Plan has demonstrated capabilities securing cloud infrastructures to create a resilient and secure cloud infrastructure that meets compliance requirements and safeguards against evolving cyber threats.
Threat Modelling
Threat Modelling during the design process helps developments teams design in compliance and Defence-in-Depth by proactively identifying potential security threats, threat actors, attack surfaces, and key targets.
Training
We have extensive experience sharing security domain knowledge crafted to individual team needs. Whether its tailored training to fill a skills gap after a pentest, secure coding workshops, or teaching your development team the “Dark Side”, we have the demonstrable experience to level up your team.
DevSecOps
Devious Plan can support your DevSecOps methodology with experience in automation, continuous security testing, and fostering a culture of security awareness among all team members in an agile methodology.
Red Team Engagement
Our experience in industry-leading penetration testing methodologies (OWASP), including white-box, black-box, and grey-box testing simulate real-world cyber attacks on an organization's systems, applications, or networks.
Hear what our Partners have to say
DEVIOUS PLAN CLIENTS
Andrew Wilder
Regional CISO, Americas, Asia, & Europe
“Devious Plan provided a pragmatic, common-sense approach that found business value to deliver exceptional solutions. Their approach supported and helped upskill team members and others across the organization based on their deep security knowledge.”
Adam Lomas, CRISC
Head of Information Security,
Trust & Compliance
ManagedRisk
“Working with Devious Plan has meant access to the right skills at the right time, reducing the pressure to find and staff experts internally without compromising on speed, quality, or communication. From Security Assessments to Threat Modelling and risk-prioritized security roadmapping support tailored to the realities of each unique environment, Devious Plan has quickly and consistently delivered actionable ‘no nonsense’ insights focused on cost effective cyber-risk reduction.”
Blake Mitchel
Lead Consultant and Founder
Fevor Consulting
“I have collaborated closely with the Devious Plan team for over two years, consistently observing their exceptional work and significant impact on their clients and the industry. I am confident in their proficiency in guiding development teams through the complex cybersecurity landscape.”
Contact Us
To find out how Devious Plan can be your guide