Product Security and Vulnerability Management

SITUATION

Our client was struggling with a growing backlog of security architecture and risk assessment documentation for new products. They had several employees out on extended leave and needed to scale up based on demand as well as a general lack of resources. They partnered with Apex due to a long-standing relationship and our ability to identify consultants with niche skill sets.

Apex deployed a fit-for-purpose team comprised initially of a Systems Engineer and Security Analyst with a medical device and risk assessment background. This team was supported by Apex Engagement Managers. Our team created an onboarding document consisting of trainings, artifacts, and sites to accelerate the consultant ramp-up time. Our consultants created an intake process of products for better visibility. The team populated and leveraged a newly implemented tool, Nova Leah, for risk assessments. Apex performed Stride threat modeling and the Common Vulnerability Scoring System (CVSS) to score vulnerabilities for products’ cyber security framework. They worked with the client to refine the team’s composition to overcome the difficulties associated with finding specialized skill sets. Our consultants conducted vulnerability management, detection and monitoring, ongoing testing for devices, and activities surrounding customer inquiries and questionnaires. Additional deliverables for this project consisted of providing documentation for privacy and security. 

RESULTS

Apex enabled our client to mitigate product risk and vulnerabilities while complying with CONUS and OCONUS regulations. Our team updated and completed risk assessment documentation, threat model and post-market support on various products ahead of schedule or on time. Other teams in the client’s organization see this team as having the best practices and go to them for help with backlogs.