Operational Project Support

Project-internal responsibilities for IT security are vital for meeting security requirements and duties, which are constantly increasing. This primarily concerns projects that build security-critical applications, especially those that follow an agile approach in which new security-relevant requirements can be introduced continuously.

Such a role is often called Security Champion. Project security officer and security architect are also widely used terms, depending on the assigned tasks.

Examples of activities in this area are:

  • Identification of suitable security measures and placement of relevant tickets.
  • Definition of security architecture.
  • Internal security contact (e.g. to dev teams).
  • External security contact (e.g. to IT security function).
  • Planning and coordination of pentests and assessment of their results.
  • Coordination of remediation of identified findings.
  • Execution of internal training and awareness measures.
  • Integration of automatic security tools into the build pipeline.
  • Maintenance of security documentation (e.g. security concepts).
  • Execution of threat and risk assessments.

In practice, a lack of know-how is one common problem when it comes to filling such a role. We can support you here in different ways, e.g.:

  • Providing qualified project resources
  • Training and coaching of existing project members
  • Implementation and coordination of internal security communities