why
From a product development perspective security always seems to be “the bottleneck” or “the department of NO!”. An increasing number of product releases and daily software deployments overwhelms the security department additionally.
Turn the tables by rolling out a security champions program. Accelerate your product development while staying secure by establishing security-as-code and a security culture across your organization with A&B. Stay innovative and improve your overall security posture!
what
Alice&Bob.Company enables teams to act as Security Champions by example. After integrating in the team, A&B employees start to implement security-as-code in each phase of the DevSecOps pipeline and reach a high degree of security automation.

Together with the client’s leadership team and in alignment with the general companies’ security policies, the Security Champions Program covers e.g.
- Agile Threat Modeling
- DevSecOps
- Security-as-Code & -automation
how
The Alice&Bob.Company follows its very own “integrate&enable” approach to get the most out of the program for the client and create a customer centric program, that addresses organizations, teams, and tools.
Integrate
The A&B Security Champion integrates immediately in clients product team, defines possible threats in mutual workshops and starts leading the change. After clarification, the Security Champion starts implementing Security-as-Code in all phases of the DevSecOps lifecycle.
Enable
As interim Security Champions and mentors, A&B not only implements Security-as-Code, but onboards clients novice Security Champions, empowers them with recurring trainings on how to become a Security Champion and sets up the right communication channels to build a network of Security Champions.
After starting with a “lighthouse” team, A&B continues to roll-out the program across various teams.
Once the Security Champions Program is initially rolled out, A&B will take care to continuously improve the program. There will be bi-weekly moderated team retrospectives with the novice client Security Champions.
YOUR BENEFITS
Main advantages of launching a Security Champions Program with A&B:
- You take care on your product. We take care on creating a modern security culture in your product teams. Continuously and managed.
- Security Champions will improve your innovation speed: ship secure software faster!
- Establish security as additional quality dimension in your agile product teams
- Increase diversity, by adding risk-oriented views in your feature-driven team
other products in 04 continuous improvement
Continuous Penetration Testing
Minimize the risk of application vulnerabilities by combining manual and continuously automated penetration testing for your web applications and API’s.
Cloud Security Posture Management
Keeping visibility and enforced security across public cloud accounts – probably across multiple public cloud vendors with the right tools: facilitate a managed Cloud Security Posture Management (CSPM) service by Alice&Bob.Company.
Managed Container & Serverless Security
Have you heard about Kubernetes Security Posture Management (KSPM)? Keep a clear view on your Cloud and Serverless Security with A&B’s Managed Container & Serverless Security.
Managed Perimeter Protection
Protect your publicly accessible websites, e-commerce platforms, IoT-, IIoTT-applications and other dynamic web application against abuse of bugs, vulnerabilities and Distributed Denial of Service (DDoS) attacks. The team of A&B and AWS give you a peaceful sleep.
CI/CD Pipeline improvement
Pimp your existing CI/CD pipeline to the next level! Alice&Bob.Company continuously monitors and improves your current CI/CD pipelines.
We continuously integrate automated and scalable Cloud Security into your software development lifecycle.
Security Chaos Engineering Program
Transfer the disruptive operational method of chaos engineering, developed initially by Netflix, to cloud security. We accompany your team(s) over the course of 12 month to establish the concepts and culture of Security Chaos Engineering (SCE).
Cloud Security Trainings
Never stop learning! The cloud never stops teaching! In Jan 2021 AWS consists of more than 199 ready to use service. 45+ of those are security related. Let us help to enable and educate you team(s) with an individual training plan over a timeframe of 6 to 24 months.
Custom Tailored Managed Service
Is there anything you need, but we haven’t covered? We are always curious and eager to learn about your requirements. And maybe, we develop a new Cloud Security Managed Service together.