enterprise IT product security knowledgebase

users: product development teams

problem: enterprise product development teams only consider security measures just before needing to push to production, causing unnecessary delays and security gaps

goal: increase awareness and use of recommended security tools and processes, leading to more secure code - more product teams performing security tasks earlier

development team outcomes: 

  • learn which secure best practices to take based on which development phase they're currently in 
  • self-diagnose missing security pieces
  • export security chore details to their project management tool of choice
  • access security-specific support channels to get live help

product features

  • recommended security tasks based on development phase-selection
  • best security practice questionnaire
  • .csv chore and detail export
  • links to single-slack channel within corporate instances, external survey and email links

lessons learned: 

  • it's leaner to let users diagnose their own needs than try to calculate their certain statuses with bulkier integrations
  • gamification is a helpful education tool