Operational Project Support

Project internal responsibilities for IT security are vital for meeting security requirements and duties that are constantly increasing. This of course primarily concerns projects that build security-critical applications and especially those that do this based on an agile approach where new security-relevant requirements can continuously be introduced.

Such a role is often called Security Champion. A project security officer or security architect is also widely used terms depending on their assigned tasks though.

Examples of activities in this area are:

• Identification of suitable security measures and placement of relevant tickets.
• Definition of security architecture.
• Internal security contact (e.g. to dev teams).
• External security contact (e.g. to IT security function).
• Planing and coordination of pentests and assessment of their results.
• Coordination of remediation of identified findings.
• Execution of internal trainings and awareness measures.
• Intwegration of automatic security tools in build pipeline.
• Maintanance of security documentation (e.g. security concepts).
• Execution of threat and risk assessments.

Especially lack of know-how is one common problem when it comes to filling such a role in practice though. We can support you here in different ways, e.g.:

• Providing qualified project ressources
• Training and coaching of existing project members
• Implementation and coordination of internal security communities