Security Champions


From a product development perspective security always seems to be “the bottleneck” or “the department of NO!”. An increasing number of product releases and daily software deployments overwhelms the security department additionally.

Turn the tables by rolling out a security champions program. Accelerate your product development while staying secure by establishing security-as-code and a security culture across your organization with A&B. Stay innovative and improve your overall security posture!


Alice&Bob.Company enables teams to act as Security Champions by example. After integrating in the team, A&B employees start to implement security-as-code in each phase of the DevSecOps pipeline and reach a high degree of security automation.

Together with the client’s leadership team and in alignment with the general companies’ security policies, the Security Champions Program covers e.g.


The Alice&Bob.Company follows its very own “integrate&enable” approach to get the most out of the program for the client and create a customer centric program, that addresses organizations, teams, and tools.


The A&B Security Champion integrates immediately in clients product team, defines possible threats in mutual workshops and starts leading the change. After clarification, the Security Champion starts implementing Security-as-Code in all phases of the DevSecOps lifecycle.  


As interim Security Champions and mentors, A&B not only implements Security-as-Code, but onboards clients novice Security Champions, empowers them with recurring trainings on how to become a Security Champion and sets up the right communication channels to build a network of Security Champions.

After starting with a “lighthouse” team, A&B continues to roll-out the program across various teams.

Once the Security Champions Program is initially rolled out, A&B will take care to continuously improve the program. There will be bi-weekly moderated team retrospectives with the novice client Security Champions.


Main advantages of launching a Security Champions Program with A&B:

other products in 04 continuous improvement

Continuous Penetration Testing

Minimize the risk of application vulnerabilities by combining manual and continuously automated penetration testing for your web applications and API’s.

Cloud Security Posture Management

Keeping visibility and enforced security across public cloud accounts – probably across multiple public cloud vendors with the right tools: facilitate a managed Cloud Security Posture Management (CSPM) service by Alice&Bob.Company.

Managed Container & Serverless Security

Have you heard about Kubernetes Security Posture Management (KSPM)? Keep a clear view on your Cloud and Serverless Security with A&B’s Managed Container & Serverless Security.

Managed Perimeter Protection

Protect your publicly accessible websites, e-commerce platforms, IoT-, IIoTT-applications and other dynamic web application against abuse of bugs, vulnerabilities and Distributed Denial of Service (DDoS) attacks. The team of A&B and AWS give you a peaceful sleep. 

CI/CD Pipeline improvement

Pimp your existing CI/CD pipeline to the next level! Alice&Bob.Company continuously monitors and improves your current CI/CD pipelines.
We continuously integrate automated and scalable Cloud Security into your software development lifecycle.

Security Chaos Engineering Program

Transfer the disruptive operational method of chaos engineering, developed initially by Netflix, to cloud security. We accompany your team(s) over the course of 12 month to establish the concepts and culture of Security Chaos Engineering (SCE).

Cloud Security Trainings

Never stop learning! The cloud never stops teaching! In Jan 2021 AWS consists of more than 199 ready to use service. 45+ of those are security related. Let us help to enable and educate you team(s) with an individual training plan over a timeframe of 6 to 24  months.

Custom Tailored Managed Service

Is there anything you need, but we haven’t covered? We are always curious and eager to learn about your requirements. And maybe, we develop a new Cloud Security Managed Service together.