AppSec Terrain Check
What is your current AppSec challenge?
Are you excited about getting this new AppSec tool?
I’ve been there. But loving a tool is not the same as being ready for it. Let us step back for a moment and check whether your AppSec program is ready for it. A rushed decision may cost you time, budget and management trust.
Are you frustrated with your AppSec program’s pace?
It sucks. You had a great vision for improving your program. You had it all mapped out in your head, but in reality, things are not moving. Something is holding you back, and together we can figure out what it is and how to get your program unstuck.
Are you overwhelmed by too many AppSec requirements?
When I was handed AppSec responsibility, it came with a long list of things to implement. When everything feels important, where should you even start? Together, we can identify the foundational steps that need to come first to build a strong AppSec program.
What is the Terrain Check for?
How would you improve your AppSec program? Add a new scanner? Or build a Security Champions program? Maybe improve policies or train your developers? You will usually find several reasonable directions, but not all of them will move your program forward equally.
So what should you do next?
Once, I got stuck in deep sand in the Sahara. So I did the obvious things first: I aired down my tires, cleared the sand in front of them, and placed my recovery boards. “Okay, let’s get out of here.” But as soon as I hit the gas, sand blasted through the open windows straight into my face. The wheels were spinning wildly, but my car didn't move an inch.
If I had stopped to read the terrain, I would have avoided getting stuck.
But I hadn't. Now, every attempt to drive out was just chewing up my recovery boards. Damn. At some point, I finally got it: No weight on the wheels, no traction. My car was sitting on the sand like a stranded whale. My rush earned me a nice 90-minute workout digging sand.
That is what the Terrain Check is for: it helps you identify what to address first, so time, budget, and effort go where they matter most and you can implement the next steps with confidence.
How does the Terrain Check help you?
How it works
The Terrain Check starts with a kickoff call to understand where your AppSec program stands, what challenges you are facing, and which decisions are currently on the table. From there, I take a closer look at your situation through a questionnaire and, where needed, stakeholder interviews to understand what is slowing the program down and where the real constraints are.
The goal is not to generate a long list of ideas. The goal is to identify the right priority now. At the end, you receive a written assessment with clear next-step priorities and a follow-up call to discuss the results.
What you receive
- A written assessment
- Clear next-step priority
- A follow-up call to discuss the results
Timeline: Usually 2–3 weeks, depending on stakeholder availability on your side.
Investment: USD 5,000
Important: The Terrain Check works best when we can have an honest and open conversation. The quality of your input will shape the quality of the results.
Efficiency
By pausing for a moment to check the terrain first, you avoid spending time, budget, and effort on AppSec measures that are not the right priority right now.
Buy-In
By validating your priorities through an external perspective, you create a stronger basis for internal discussions and decisions.
Momentum
By identifying your next best move, you can stop second-guessing, focus on implementation, and build momentum before the next round of decisions.
Understanding
By understanding how available AppSec measures affect and depend on each other, you grow your own perspective and judgment for future decisions.
Where do you need clarity right now?
Tell me about your current AppSec challenge, and we will figure out whether a Terrain Check is the right next step for your situation.
