Coaching with Shostack + Associates


Corporate culture shifts are challenging. Changing how you deliver to your customers is difficult. Improving security engineering involves both, and that makes the journey a complex one.

Observing the many challenges that our customers encounter as they travel down this road has led to our coaching service. We cannot run the race for you, but we can help you prepare, plan and execute by sharing the secrets of success. Even when we talk with executives and convince them that threat modeling is a good idea, for change to happen, someone internal needs to be accountable.

Our Appsec Enablement Coaching package includes a toolkit and a coaching team to listen and advise. The Enablement Toolkit is aligned with the stages of the program:

Each company’s journey is unique. We hate the cliche, too, and let us share some important specific questions:

At each stage, there’s tradeoffs to be made. Those tradeoffs include:

Your answers to these questions influence how your program can rollout, and choices about the tradeoffs influence what processes, training and support make sense for you. The timing each stage is dependent on the size, culture and history of the company. We work with each client to drive change quickly and effectively.


How can we help you today?