
AppSec Adventure
Where AppSec programs get stuck
They depend on one driver.
As AppSec Leads, we keep pushing security, reminding teams, and wondering why nobody seems to take responsibility.
But if the whole program depends on your foot staying on the gas, that's pretty fragile and not sustainable.
Ownership needs to be properly distributed.
They ignore the terrain.
AppSec roadmaps often look like a smooth ride. Get secure coding training, add a SAST scanner, define a code review guideline and build a security champions program.
But your organization is complex terrain, not a paved road. You need to navigate culture, habits, existing processes, limited budgets and conflicting priorities.
You are already driving off-road.
They confuse inspection with readiness.
When your AppSec program is built to check boxes on the next audit, you may miss the real goal:
protecting your organization and the people who use your software from serious incidents.
Serious issues don't wait for inspection.


Start with the AppSec Terrain Check
Before you add another tool, launch another initiative, or push harder, you need to understand why your AppSec program is stuck.
We look at underlying structural problems: Where are expectations still implicit? Where does responsibility sit in the wrong place? Where does culture create friction? That's what usually blocks AppSec programs.
So what is the Terrain Check?
It is a short-term assessment that uses stakeholder interviews to uncover the underlying problems that need to be addressed, to get your AppSec program unstuck. It validates your current AppSec reality against my reference for distributed AppSec responsibility: the AppSec Ownership Model.
After the Terrain Check you can stop wasting time and effort on fighting symptoms and instead address the underlying problem.


How I help you navigate your terrain
I don’t work from a classic consulting office. I live and work from the road, with my life packed into an old Chevy. That means independence, resilience, ownership, and pragmatic decisions are what keep me moving in the real world.
I bring the same mindset into my AppSec work. I built an AppSec program from scratch after starting in software development, so I know how AppSec feels from both sides: the pressure to ship software and the responsibility to build a program that holds up in a real organization.
That is also how I work with your AppSec program:
- I look at the system to understand where problems actually come from.
- I make expectations explicit so ownership can actually be taken.
- I optimize pragmatically so new investments can create meaningful impact.
- I encourage critical thinking so your organization can build better judgment.
My goal is to help you build an AppSec program that is sustainable and resilient.
