Applying Security Knowledge in Practice
Prior to conducting the workshop with your team, we’ll have an initial scoping meeting. This session is designed to customize the workshop to your specific requirements, helping us decide on the most suitable focus areas and review targets.
Review & Reflect is a facilitated, team-based workshop that enables participants to review and reflect on their own architectures and codebases through a security lens. The focus is on practical application, collaborative analysis, and translating security knowledge into concrete, actionable improvements tailored to the participants’ real-world environments.
This workshop is designed for two distinct audiences:
- Teams that have completed foundational security training and want to operationalize what they’ve learned by applying security concepts directly to their own systems
- Security-mature teams looking to accelerate their security posture by conducting focused reviews of their own environment, software, and architecture
Workshop Format
The workshop combines individual analysis with collaborative team discussions, guided by an experienced facilitator. Throughout the day, participants work on their actual systems rather than abstract examples:
- Moderated group work to apply security concepts directly to the team’s own systems, architectures, and codebases
- Individual and team-based reviews focused on secure software development principles and operational security
- Structured exchange of experience between team members with discussion of proven security approaches and patterns
- Direct, moderated support for individual questions, targeted feedback, and deep dives into specific areas of concern
Interactive engagement elements via SignalBoard keep the workshop dynamic and ensure active participation throughout the session, whether attending remotely or on-site.
Workshop Outcomes
The concrete outcome of the workshop is a structured list of findings, organized into three categories:
- Architecture: Design-level observations, structural risks, and recommendations for architectural improvements
- Implementation: Code-level findings, patterns to address, and secure coding practices to adopt
- Operations: Operational security considerations, configuration concerns, and deployment hardening opportunities
These findings are documented during the workshop and are intended to be addressed by the team after the workshop concludes. The structured format ensures that insights gained during the session translate into a clear, prioritized action plan.
Flexibility & Customization
- Scope and focus areas can be adapted flexibly to specific technologies, domains, or threat models
- The workshop can be delivered remotely or on-site at your location
Whether you want to focus on a specific application, review your cloud architecture, examine your CI/CD pipeline security, or conduct a broader assessment across multiple systems, the workshop agenda is tailored to your priorities.
Interested in a quote tailored to your organization? Let’s talk.
Follow-Up Options
After the workshop, teams often benefit from additional support in addressing the identified findings. Depending on your needs, follow-up options include:
- Custom Mini Sessions: Short, focused sessions to dive deeper into specific topics identified during the workshop
- DevSecOps Pipeline Coaching: Help implementing security automation for findings related to CI/CD and build processes
- Security Architecture Consulting: Ongoing support for addressing architectural recommendations
- Security Findings Assessment: Expert evaluation of findings combined with additional security scan results
Ready to apply security knowledge to your own systems? Contact me to discuss your workshop requirements.