Service Offerings

At SSL, we believe in doing one thing well. We provide security guidance — not testing, not products — and we work with the kinds of teams we know we can make a difference for. Every engagement we do is bespoke, but they fall into the following broad categories:

 

Fractional CSO/CISO

 

Every startup understands that they need to care about security, but hiring someone with the technical and organizational experience needed to make core strategic decisions is often out of reach. SSL provides a fractional chief security officer service that acts as a bridge between the point when you need to start working on security and when you’re in a position to make a full-time C-suite hire. This lets you concentrate resources on building a security engineering team and doing the work.

We will work with your technical leadership to help you ensure that your product architecture and business systems build security in correctly, and that you’ve got the detection and response capabilities you need to sleep well at night. This includes everything from technical design work and vendor recommendations to guidance on team structure and interviewing candidates for security-relevant positions. We’ll also help you build policy and governance structures to manage your security exposure over time.

Beyond this, we’ll work with your exec team to ensure that the security work that needs to happen is done in ways that support your core company strategy. Security done right is an enabler for the larger business, not a source of friction.


Security Landscape Review

 

How do you get a complete picture of the security posture of an organization? If you’re a CTO who’s just joined a new team or you’re dealing with an incident that’s acted as a wakeup call, this is your challenge. Security testing will show you specific issues, but not the whole landscape — that’s where we come in.

We’ll work with your team to understand your technical and governance security maturity, to evaluate whether the team has made decisions that make security harder or easier, and to get a picture of your company’s security culture. We’ll also look at how security work is integrated into the overall strategy of the company, and whether the team has the resources they need to deliver secure outcomes. From all of this, we’ll give you both the overview and, if we find significant gaps, some short-term immediate actions to get you started on the right path.

Landscape reviews are the starting point of all of our fractional CSO engagements, but they don’t need any follow-on work to solve your immediate need for clarity.


Security Architecture Design

 

When you have run-of-the-mill security challenges, it’s easy to get advice. You get a team in to do a code review, they point out a few XSS bugs and tell you how to fix them, and life goes on. What do you do when you have hard, or even novel, problems? What do you do when there isn’t an answer for how to do the thing you need to do securely?

You call us. We’ve been re-architecting systems to bake security in for decades, and we can help you figure out both which problems you actually need to solve and how to solve them. This is true regardless of where your problems are on the stack. Are you dealing with complex product security trade-offs at the business level? Extending an existing authentication protocol to enable novel features? Trying to define your security problem well enough to understand if a specific cryptographic primitive is the right fit? We’d be delighted to help.