Are you building something cool? If you're reading this, then I'm willing to bet that you are! And I'll also bet that in the rush to create, ship, or fundraise, it can be hard to find time to think about protecting your software from cyber attackers. That's why we've created the Resilient Huddle Workshop or simply Huddle.
Quick Links
What's Huddle?
Huddle is a 3-hour focus session that brings together the key software development stakeholders of your startup (or app) for a practical threat analysis of your software architecture.
Our goal is to show your team how to get into the attackers' mind as we identify what attackers are after in your system, and the secure design mitigations that thwart them.
Will my startup benefit from a Huddle?
You can answer this by asking yourself the question... "will I be concerned if my software platform is hacked?". If the answer is no or maybe, then a Huddle probably isn't for you. But if you process any sensitive data and are concerned about protecting customers and boosting trust, you would certainly find value in a Huddle.
How does it work?
Huddles can take place in-person, virtually, or via a hybrid model where some team members are co-located while others join in virtually.
The flow of the Huddle is kept super simple so we can focus on what matters and deliver value.
It includes the following:
Quick intro of Huddle participants.
An overview of your startup's business case, market, and goals.
Software architecture deep dive.
Software security strategy and design working session.
Wrap up and review of future considerations.
*Please note that steps 3 and 4 are tightly knit and occur in parallel. As such, while the architecture is being discussed, disputed, and digested, the group will simultaneously analyze secure design weaknesses and requirements.
What is covered and what's the output?
In a Huddle, any of the items listed below are fair game, and we go after them, based on your priorities:
Software app or platform architecture
Cloud infrastructure and design
CI/CD pipeline
Containers and Microservices
Software development processes
The output is often a digital whiteboard that centralizes the documentation of the analysis, weaknesses, and recommendations. You can expect to find:
Assets: The prized security jewels that you must protect.
Attack Surfaces: The places where attackers will attempt to access your system.
Threats: The probable attack types that will be performed on your system.
Mitigations: The secure design mitigations that protect your assets, defend your attack surfaces, and neutralize threats.
Future Research: Critical security considerations or implications for your system, that your team is yet to think through, and must.
Here's an example of a whiteboard before the huddle starts.
*Please note that some of the elements in the legend may not be apply to your Huddle.
Why should I choose Resilient for a Secure Design Workshop?
Our team is comprised of software security ninjas who are especially skilled with the strategy for ensuring that a software platform is Secure By Design... from your architecture to your code, your APIs, your dev processes, and your public-facing security statements.
We have over 60 years of combined experience in leading software security at companies like Intel, Cisco, McAfee, Autodesk, as well as many startups we've worked with or advised.
We are licensed and insured, and will never share your information with third parties.
How much does a Huddle Cost?
Huddles are designed to be very affordable for startups.
Core Huddle (3 participants Max): $1,200.00
It includes the following:
Identify your Critical Assets
Discover Attack Points
Uncover Relevant Threats
Design Protections
Seed Future Research
Squad Huddle (10 participants Max): $2,450.00
It includes the following:
Everything in Core, plus:
Risk Prioritization
Detailed Threat Analysis Report
15% Discount on Resilient's Software Security Services
Kindly note that the number of participants does not count or include Resilient's experts... we wouldn't charge you for that!