Heiko Webers

Trackman Up


About Trackman Up

Many teams focus on security a few times a year, mainly because they also have an application to develop and security isn’t a very visible feature.

Trackman Up could raise the focus on security to a monthly rhythm and make it a high priority without interfering with business as usual.


I want to be your external CSO

Together we’ll improve all the different aspects of security, month by month. Realistically, you’re in the middle of something right now and more big todo items are the last thing you need, so I’ll make it as easy as possible for you.


What was the motivation for Trackman Up?

This is not the typical consulting offer: it’s aimed at long-term success, and you and your team can keep all the knowledge you acquire during this project. Security audits give you an overview of where the weak points are right now. But I know that the job isn’t done with a report, so I’m making myself available to deliver the best possible result at a far lower price point than my usual day rate.


All aspects of a successful security strategy

It takes time to update gems and Rails, fix urgent vulnerabilities, and research and fix the problems that automatic security test tools found.

But security isn't only about keeping up; it's a long-term project with many aspects:

  • Hardening security with modern means
  • Security knowledge so we don’t repeat past mistakes or introduce new vulnerabilities. Trackman Up includes access to your own Rails security knowledge center.
  • Keeping up with new attacks and Rails, gem and software security. In Trackman Up, I can keep up with that for you and update you and your team regularly.
  • Being prepared for the worst case scenarios. Trackman Up includes code examples and we’ll develop a strategy.
  • Knowing what people do in the app. In Trackman Up, I’ll set up and run a security event logging server with root access for you.


I can add security features by myself, what do I need someone else for?

Because you have an application to develop, but you still want to make security a high priority. I’ll keep up with security for you, propose changes that you can potentially make, and provide code, guides, and advice so that you can make informed decisions. We’ll launch the changes with your team, and I’ll write up reports and open a Rails security learning center for your team.


Who’s this for?

I’m looking for people who are interested in the long-term success of their web application, and for whom security is part of that.


The most important aspect that Trackman Up covers

  • Hardening security with modern means: Every month you can choose from a tailored list of topics which security feature you’d also like to see in your application. I’ll provide you with an example application, a guide and answers to common problems when implementing this. That means less research and development time for you. I’d recommend we start with a Content-Security-Policy. Next could be HTTP request limits, an HTTPS-only strategy, HTTP Referrer policy, authentication hardening, signup protection, Subresource Integrity, external link forwarding with filtering, automated custom security tests, new security HTTP headers (if missing) and a lot more depending on your situation or upon request.


Do you want to start with an audit?

We can start Trackman Up with a 1-day Rails security code audit at a far lower rate than my usual day rate.

The way it works is that you’ll get one free month of Trackman Up after the code audit, so this will be an initial 2-month engagement.

Choose “With a Rails security audit” in the “How shall we start?” select box above.

If your application has more than 4500 lines of code in "rake stats" (in Controllers + Models + Helpers + Libraries), 1 day might not be enough to go deeper. E-mail me and we can discuss how to get you a 50% discount for a full audit of your larger application or if there’s an area we could focus on.


Do you want to start with quick wins?

If you’d like to start Trackman Up with a welcome pack similar to this, then choose “With a welcome pack” in the “How shall we start?” select box above.


What you’ll get

  • I’ll spend 1-2 days in total every month keeping up and improving security for you. There’ll be something to do for your dev team every month, but I’ll provide you with code, give you exact guides and help to implement it where I can.
  • A welcome pack with quick wins for your web application.
  • Access to your own security incident logging server with root access, upon request.
  • Your personal security dashboard with reports and results for every month.
  • Access to a learning center for your development team with lessons that build upon their existing knowledge.


I don’t have time for this right now

If you’re not ready for this right now, you can also secure your slot now and start only 1-2 months later. The key is that Trackman Up doesn’t want to interfere with business as usual, so all it takes to start are a few emails and a call (even for the audit).


What if I don’t like it?

If you’re not satisfied with the results of Trackman Up after the first month, I’ll provide you with a full refund. I stake my business on helping teams to improve security. I do this because I believe an audit or the welcome pack already has a great impact. Some of the other aspects of security are long-term projects, so I’ll ask for fairness.


Notes

  • This is a monthly engagement and this is for the first month. In order to retain access to the resources and services, we'll bill you this price each month after this initial month.
  • Trackman Up is currently in beta which means you'll get the chance to get a service tailored to your needs. Some parts might still be in development, but that won't be to your disadvantage.

Size: 124 KB
Length: 11 pages
Price: $497