Maturing a security program while providing hands-on education
Snapshot
Kalles Group guides a product and SaaS company in the Computer Networking industry to up-level its security program.
Challenge
An established product and SaaS company in the Computer Networking industry was looking to mature its security program. The organization’s teams had limited experience in the security field and were looking to bolster their readiness with the guidance of Kalles Group.
Due to limited experience, tasks were often completed in a rushed manner and the quality of work was beginning to suffer. The documents that did exist had improper use of security terminology and empty assumptions about security catch phrases. The knowledge base was also disorganized with no simple way to identify vulnerabilities or risks to the organization.
Additionally, cloud architecture and culture were limited due to  the team’s previous work experience. Many team members were used to a certain set of solutions, which may have been right for one organization’s security but not necessarily for this one.
Approach
Kalles Group used the organization’s predicament as a way to simultaneously educate its teams and resolve its security vulnerabilities. First, Kalles Group trained the organization in the basics of security, fielded questions, and created a collaborative new culture of security awareness. Kalles Group balanced teaching best practices with demonstrating active management of current risks. This helped cement the organization’s newfound security skills in actual hands-on learning opportunities.
Meanwhile, Kalles Group also documented and developed new operational requirements for projects, which provided immediate value to  third-party penetration testing teams, internal penetration testing engagements, active zero-day mitigations, customer discoveries, and security researcher exploits.
Results
Kalles Group documented a standard method for organizing the penetration testing knowledge base, which provided security engineering teams the ability to easily find vulnerabilities and risks to the organization.
Kalles Group identified organizational gaps in the understanding of cloud architecture, enabling security engineers to ask more effective questions when working with the architecture team. Through the process, Kalles Group advised removal of the company’s culture of single-provider solutions, and instead showed which combination of products would accurately meet the needs of the maturing company.
Due to the balance of both training and security improvements, the organization was able to implement security products that made sense, establish best practices, and create a culture of understanding around security and cloud architecture. Not only does the organization now have the proper protocols in place, but it has a more sophisticated engineering team that understands security and can protect itself from risks and vulnerabilities as it grows.