Security Education
Bruce Schnier once said that “Security is hard”. Our understanding of what is secure is flawed because language fails us. We throw money, time, and resources at complex architectures with magic boxes to check boxes only to suffer another breach. Understanding appropriate controls, defense in depth, and the myriad of attacks applicable in a given deployment is key to efficiently maintaining a robust security architecture.
Devious Plan has experience in a variety of deployment architectures, which means we know the field so we can help you with the right game plan for your needs, and we can communicate the play in a way that the whole team can understand.
Teams often misunderstand or are unaware of the malicious use case. This is common. Our education system focuses on the positive use case so that engineers, developers, and architects are not aware of potential negative impacts. Devious Plan fills the gap by teaching you about us, the people your professor never warned you about.
Threat Modelling.
Teaching development teams to threat model is a rewarding experience for both trainer and team member. Teams learn how to craft data flow diagrams, itemize targets, and associate their risk valuation, identify attack surfaces, and then craft realistic attack scenarios and develop controls to defend against them.
Secure Coding Workshops.
This module helps developers understand common coding pitfalls and flaws that lead to security breaches. Defensive code is explored. The workshop is tailors to your technology stack.
Pentest Workshops.
Sometimes the best defense is a good offense. Learning attacks teaches teams how to be better defenders. Following the OWASP Top 10, this workshop teaches teams some of the tools and attacks against a modern test web application.