Our journey started way back...
For many years, we did lots of penetration testing (white-box and black-box) for many companies, from medium-sized startups to Fortune 500 enterprises. We realised more and more often that our pen-test reports did not solve these firms' security problems. In fact, their biggest security problem was not related to the design or implementation of their programs. The root cause was something else.
A wrong culture and approach to security, one that did not encourage their engineering teams to actively look into eliminating security bugs. Instead, they saw security bug reports as an additional burden to deal with: a work item that often stopped them from going to prod, which made them even more upset.
Clearly this was not right, and if we did not get engineers on board, our security problems would only get worse.
We changed our approach
We worked with our customers to solve these issues. We first listened to their concerns, from the product owner to the software testers.
We soon found out how much we, the security crowd, did not understand them, and that there is a big gap between what we push for and what they care about. We worked to address this through security awareness sessions, internal hack-your-software events and Capture The Flag competitions.
Our training courses emerged
We put together real pen-test findings into a training course. Examples were taken from the programs that the developers themselves had built. We did not make yet another security course that tries to turn every developer into a penetration tester! Instead we designed a course that teaches defensive design patterns and security principles. Our course spoke the developers' language and gave them first-hand experience of the severity of security vulnerabilities in their own programs.
We had amazing results
We received excellent feedback. Developers were able to apply what they learned in their day-to-day work. They loved that our course helped them build better-designed software in which security is implicitly taken care of. ❤️
The cultural transformation was so remarkable that after each training course, the internal security team received reports of security bugs that engineers had discovered and patched themselves!
So we created SecDim
We want more companies to share these success stories, and we love helping them change their culture and approach to application security.
We've created a dedicated company for security education.
And here is our Founder
Dr. Pedram (pi3ch) Hayati is a seasoned application security expert and innovator. He is the founder of the largest multinational technical security community (SecTalks), has trained hundreds of industry professionals to help fill the acute shortage of cybersecurity workforce, and has provided security advice to Fortune 500 enterprises. All of this is backed by his strong academic background, a Ph.D. in InfoSec, and his passion for security education. He is also Course Convenor at the University of New South Wales (UNSW) and Curtin University.
Meet Your Instructors
Join hundreds of others at SecTalks meetups to participate in hands-on workshops on building secure programs. SecTalks is a multinational technical security community that we founded in 2013.