Consulting

Overview

I offer several consulting services through which I can help you overcome your most difficult security challenges.

The following are the services I find most valuable to those who seek me out on the internet, but you can also skip to the bottom to reach me with a custom inquiry.

Security Architecture Review

I will comprehensively review the design for an upcoming (or existing) product or feature your team is working on. I will work with your engineers to find significant architectural security gaps, document them and propose solutions.

Often, resolving vulnerabilities at the architecture/design phase of development takes a fraction of the time that it does post-implementation and release.

This is the best way to improve your security posture, provided you already have a sufficient SSDL process.

Secure Software Development Lifecycle (SSDL)

I will assist your company in designing and implementing an SSDL process that will allow your team to ship secure code on its own, with each new product or feature delivered through a standardized security process.

This process will be customized to your business and will include methods of ranking risk for products and features, rules for handling vulnerabilities pre- and post-production, and organizational tools for flagging and identifying the riskiest components of your codebase.

This is the best way to improve your security posture in the long term, as its benefits only increase as you produce more code.

Penetration Testing (Web Applications)

I will provide white-box penetration testing of web applications, making use of my full skillset as both a security architect and a software engineer.

Results will be provided in PDF form, with each vulnerability alongside an example payload and a suggested mitigation.

Ideally, you would be a client implementing a web application in full-stack JavaScript (Electron & React Native are also good candidates), in order to take advantage of my knowledge as a contributor to the JavaScript programming language.

Salesforce App Exchange Security Review

Did you know that a single security flag will result in your application being rejected from the Salesforce App Exchange, which on average adds four to six weeks to your launch plans? If you get flagged again, the process repeats itself.

During my time at Salesforce, I reviewed over 200 App Exchange applications for the security org.

Using my knowledge as a Salesforce technology expert and my learnings from reviewing hundreds of App Exchange applications, I will review your application prior to its submission to the Salesforce App Exchange.

I am so confident that I can help your application pass the App Exchange security review that I offer a money-back guarantee if it does not pass.

Contact Me

If you want to work with me, please reach out on LinkedIn and ask for a free phone consultation.