Detect: Know Risks First

Threat Modelling

👉 Read our threat modelling case studies

Identify potential security threats to Kubernetes and other container-based systems, and implement appropriate security controls and measures to mitigate these risks.

We built the first threat models for Kubernetes and lead community CNCF threat modelling under the Linux Foundation.

Threat model full or partial systems, infrastructure proposals, and individual software services. Duration dependent on scoping, timeboxing, or depth of complexity:

• 1 or 2 day workshop
• 1 to 2 week writeup
• Presentation and next steps meeting

Request a threat model quote or ask about Threat Modelling Kubernetes training.

Kubernetes & Cloud Penetration Testing

Test Kubernetes and cloud-native systems to identify vulnerabilities and potential security risks. See our process in detail.

We support:

• Kubernetes and associated services
• EKS and AWS cloud testing
• GKE and GCP cloud testing
• AKS and Azure cloud testing
• On-prem and airgapped systems

We have fixed price and time-based offerings: ask for a scoping session.

Supply Chain Security

👉 Read our supply chain case studies

Protect organisation’s supply chain from potential security threats, by implementing security measures and best practices.

We’re building Software Factories and Open Source Ingestion projects. See conference presentations from customers and colleagues:

• Open Source Ingestion: How’s your Supply Chain with your insecure OSS ingestion? (James Holland, Citi)
• Supply Chain: Untrusted Execution: Attacking the Cloud Native Supply Chain (Andrew Martin, ControlPlane)
• Software Factory: Kubernetes Supply Chain Security: The Software Factory (Andrew Martin, ControlPlane)

We can evaluate and scaffold your Open Source supply chain security remediation solution. Ask how we reduce supply chain risk.

Architecture, Assurance & Maturity Assessment

👉 Read our assurance case studies

Evaluate security posture, including security architecture and processes, to identify potential weaknesses and areas for improvement.

• Review of cluster security controls
• Analysis of system security threats
• Evaluation of organisation-wide security posture

Detailed assessments based on industry standards. Request an assessment.

Correct: Secure by Design DevSecOps and Security

Secure Platform Engineering & Development

👉 Read our platform engineering case studies

Develop secure software delivery platforms and applications. Designed to be resistant to attacks and minimise the risk of data breaches or other security incidents.

• Cloud native solutions using the best of the cloud provider offerings
• Identify, measure, and remediate platform risks
• Integrated guard rails
• Developer experience focus balanced with security requirements

Securing your platform doesn’t need to be difficult. Request a quote.

Hardened, Fast CI/CD Pipelines

👉 Read our supply chain case studies

Implement secure and efficient continuous integration and continuous delivery (CI/CD) pipelines, which are a key component of modern software development practices.

• Tekton Pipelines with Chains and secure supply chain attestation
• Evidence lakes for audit data recall
• Securely reduced cycle time for happier developers

Fast, efficient, and secure DevOps services. Request a quote.

Operational Automation

👉 Read our platform engineering case studies

Automate routine tasks and processes for infrastructure, which helps to improve efficiency and reduce the risk of human error.

We do it right, first time, and transfer the skills your team needs to succeed. Ask for a services quote.

Telemetry & Sensors

👉 Read our platform engineering case studies

Threat observability and data analysis to identify potential security threats and performance issues.

Our security automation is built on solid DevOps. Find out how.

Protect: Stay Secure and Nurture Your Talent

Breach Simulation

👉 Read our ctf case studies

Simulate a security breach to test incident response plans and identify areas for improvement.

• Real infrastructure
• Secure security sandboxes
• Unlimited testing and training

We run the official CTFs for Kubecon. Watch how we teach people security with a host of cloud native security experts, and ask us for a quote specific to your systems.

Cloud Native Training Curriculum

👉 See our training courses

👉 Read our training case studies

Focuses on the development and deployment of cloud-native applications and systems, which are designed to take advantage of the scalability and flexibility of cloud-native computing.

We are long-time cloud native trainers, from Docker and Terraform through Kubernetes and Service Mesh, and have trained the world’s biggest organisations under contract to SANS, O’Reilly, The Linux Foundation, and more.

We care about imparting knowledge that remains relevant and sticks with your team. Discuss your training needs.

Purple Team Training

👉 Read our purple team case studies

Combine elements of both red team (offensive) and blue team (defensive) security testing to improve security posture.

• Learn by hacking to build better defence
• Share responsibility for security amongst your teams

Talk to us about cross-functional security teams.

Zero Trust Systems

👉 Read our zero trust case studies

Implement a security model that assumes all users, devices, and applications are untrusted, and requires authentication and authorisation for every access attempt, in order to minimise the risk of unauthorised access or data breaches.

• Remove passwords and replace them with 45m-expiry credentials
• Encryption in transit, signing at rest, federated identity

See what we can do with Zero Trust.