Overview

GitHub’s Security Advisory Services pairs you up with an expert from GitHub’s team to identify your organization’s top priorities for improving your Secure Software Development Lifecycle with GitHub Advanced Security. We will first work together to describe your current state of SSDLC/AppSec and developer workflow, and define short-/mid-/long- term goals that you would like to achieve.

With these priorities in mind you and your advisor will define the requirements and create blueprint or updated SSDLC implementation for your oraganization. The blueprint will detail how GitHub Advanced Security fits into the picture.

Furthermore, your advisor will build out detailed implementation/adoption and service delivery plan to accomplish these priorities, check in weekly to track progress, and have asynchronous communication channels available to work together to accomplish your goals.

At the end of the engagement you will get a report on all activities during the engagement.

Offering level

• Ranging over Fundamentals [100], Intermediate [200], Advanced [300]
• Scoping and Consultancy by Services Delivery Engineer

Target Audience

• Product/Application Security team
• Security architecture team
• Development/Engineering/QA testing team
• SecDevOps sponsor
• CTO or designated representative
• CISO or designated representative

Key features and benefits

• Assess the current state, identify targets and improvements/next target steps in your SSDLC journey
• Create a blueprint for GitHub Advanced Security supported SSDLC, or
• Adapt a current SSDLC journey or Appsec program with GitHub Advanced Security
• Create and execute implementation and rollout plan of your program and GitHub Advanced security.
• WoW that works
  • Identify a named resource to work with on top priorities to save you valuable time
  • Establish a way of working that fits with your organization.
  • Identified set of goals, metrics and success criteria.
  • Iterational with short delivery cycles producing frequent and tangible outcomes.
  • Async communication - Use Slack, a shared GitHub repo for collaboration
• Receive consulting and advising on paths to success with a GitHub Advanced Security Expert

Engagement schedule

This offering is scoped by an expert from our GitHub Advanced Security team and a schedule will be crafted according to your individual needs.

Syllabus

This engagement will consist of sessions covering the following topics:

• Preparation
  • Context
  • Stakeholders
  • Aspirations/Success criteria
  • Way-of-working
• Assessment
  • Gather and review documentation
  • Interviews
  • Evaluate current state and practices
  • Define current maturity model
• Goal setting
  • Identify goals
  • Identify gaps
  • Blueprint/roadmap/program
• Present and Plan
  • Present and review blueprint and roadmap
  • Prepare implementation and delivery plan
• Execute
  • Execute plan - trigger and deliver required services
  • Updated, Reflect, Adjust
• Close out
  • Final report presentation
  • Lessons learned
  • Next steps

Learning outcomes/business outcomes

After completing this workshop participants will be able to:

• Maturity assessment, gap analysis and improvement steps
• A blueprint or updated SSDLC and Appsec program
• Actionable plan to accomplish your organization’s top Secure Software Development Lifecycle priorities
• Smooth delivery and deployment of GitHub Advanced Security
• Report on sucess

Prerequisites

• GHAS licenses purchased for the relevant scope of work