Wilmington, MA. (Corporate HQ and we operate globally)
Seattle, WA. (Professional Services Team office)
Pune, India (Services and Engineering Team office)
David Grazio // email@example.com // 978.502.0126
Top Focus Areas:
- Industry Standards and Policies – Secure development standards bridge the gap between InfoSec policies and development best practices. Findings from our ongoing research and SDLC assessments provide a feedback mechanism from which we build security principles, coding best practices, architecture standards, and testing procedures.
- Education – Our computer-based and instructor-led training gives your teams the right skills to successfully implement secure coding standards and adhere to policy requirements. Source content is derived from our ongoing assessments of the world’s more prolific software.
- Assessment – Our expert analysis provides a feedback mechanism to improve standards and identify knowledge gaps. This takes the form of static analysis, dynamic analysis, penetration testing, code reviews and SDLC audits.
Points of Differentiation:
- We provide a unique perspective on software security. Given that our security solutions span assessment, remediation and training, we understand the systemic causes that lead to vulnerable software. We also develop software products ourselves; thus, we understand the challenges of building security in, trade-offs between functionality and security, and how to take a risk-based approach to vulnerability management.
- Published the industry’s first security testing methodology, How to Break Software Security, which has been continuously refined and adopted by Microsoft, Adobe, Symantec and others
- Gartner Cool Vendor and multiple Gartner Magic Quadrant leader designations for our Security Awareness Training Program (3 years)
- Staff hold 100+ accreditations including Apple and Barracuda Network Hall of Famers, Privacy by Design Ambassadors, Microsoft MVPs for Security, and Ponemon Institute fellows
- Authors of 18 books, including 10 co-authored with Microsoft
- Co-inventors of the widely adopted STRIDE and DREAD software threat management techniques
- Security partner to the Microsoft Azure and Amazon AWS teams, helping secure their platforms
- Provided expert testimony for Congressional hearings and state court cases
Business Success Story:
Our partner TAG Solutions LLC provides our security awareness training (SAT) program to customers as part of its growing security practice. TAG Solutions recognized the need for security user training within its installed base, and together we’ve delivered our industry-leading SAT program to address the security risks and vulnerabilities that many customers face today.
In addition, TAG Solutions delivers security services such as vulnerability scanning and network assessments to address requirements identified during the IT assessment process. TAG Solutions recognized an opportunity to provide more value-added services to its customers by offering penetration testing services to complement its vulnerability scanning offerings. Customers were either unaware that they needed these services and why, or competitors were winning this business because of a gap in the TAG Solutions services portfolio. In either case, TAG Solutions was missing out on opportunities to expand its security revenues within accounts and to secure add-on business through these value-added services, which resulted in reduced license renewal business.
Security Innovation met with TAG Solutions and discussed how we could assist by extending our security assessment services to their customers, thus enhancing the TAG Solutions portfolio. We reviewed our assessment portfolio and demonstrated how our Professional Services Team could educate their customers on the value of secure coding best practices and industry standards through our expert guidance and insights. Through our discussions and strategic partnership, we were able to expand our offerings beyond the initial SAT program and focus on a business model that combines long-term assessment services with education, generating recurring revenue streams.
Today, Security Innovation has partnered with TAG Solutions LLC to deliver penetration testing, application code reviews, and SDLC gap analysis services to their customers, which has resulted in greater demand for and interest in security services. We’ve expanded our business together with TAG Solutions and identified a strategy for market expansion as part of our joint go-to-market efforts to assist customers in these key security areas – solidifying their customer loyalty and retention rates. Now TAG Solutions has a defined enterprise solution that encompasses professional services, training licenses, and a mechanism for building a multi-year security program to maximize revenues and profitability.
- Security Innovation’s roots are in software quality and security. In 2002, we were launched as a consultancy focused on software security analysis for the US Department of Defense and software vendors including Microsoft, Adobe, and Symantec. From this evolved training and SDLC assessments to address root causes of vulnerabilities, enabling growth into the financial services, retail, hospitality, and manufacturing industries. With the acquisition of NTRU Cryptosystems in 2009, the company added embedded and IoT security expertise and further expanded into testing “smart” devices for home, energy, and building control.