Security engineering is the methodological identification and specification of security requirements and their design and implementation in a given system or application taking into account its environment, users and business objectives
I help you build and operate more secure systems and applications that deliver your business objectives today and help you deliver them tomorrow. From server and cloud infrastructure to Web applications, focusing on tested and proven application of fundamental security engineering principles, I help you build the capability of your organisation to design, implement and operate resilient, secure and scalable systems. From requirements identification to design and development the focus is on systems that are secure by design and fit for purpose.
Informed by the Building Security In Maturity Model (BSIMM) developed by the industry leaders my secure software engineering consultancy spans all processes of the Secure Software Framework to help you build and operate more secure applications and infrastructure.
Architecting security of systems involves processes not dissimilar to those involved in architecting buildings: understanding their purpose, location, users and structural requirements and specifying how they can be met given the existing requirements and constraints.
I have particular experience in security architecture that has been accredited by the CESG, the UK Government's national technical security authority, and have advised many organisations, particularly in the financial technology sector, on security engineering and testing.
If your application or infrastructure processes sensitive, confidential, or personal data, financial transactions or health records it needs to meet the security requirements of its target environment and the best way to achieve that is to ensure its security architecture is robust and fit for purpose by adopting the BSIMM Software Security Framework processes in the four areas of Governance, Deployment, Intelligence and SSDL illustrated below.