Below are some value statements which we use to guide our interactions, views, and long term planning. We believe each statement is critical to the success of our organization and our consulting engagements.
Security that says no is security which does no one any favors. Our role is to understand your business, inform on risk, and help accelerate engineering quality and confidence.
As mentioned above, one of our roles in to inform on risk. We provide unbiased, well documented reasoning. We provide acceptable alternatives when risks are deemed unacceptable to your business.
We follow evidence-based industry best practices.
We document big decisions, who made them, when, and under what risk mitigation rationale.
In order to maximize the value of our engagements, we put top value on communication, expectation setting, planning, and alignment on solutions.
If something is worth doing twice, it’s worth automating.
Embracing the DevOps mindset, we seek full automation of testing and deployment related activities. Reporting, analytics, and parts of security can be automated for maximum value.
Any change that is worth making is worth measuring.
Success is defined through creating goals, collecting analytics, and following the data. We can make assumptions, particularly when the problem or data is not well understood, but those assumptions eventually need data to back up any conclusions.
More than any other process optimization method, empathetic communication with a focus on listening and understanding, can accelerate team cohesiveness and productivity. Proactive communication saves time and drives alignment between colleagues.