Consulting Services

I'm currently available as an independent consultant around application security, security design, security architecture, operational security, process change, and related fields.  I'm interested in considering full-time positions too; my resume is here.  I'm also available as a public speaker.

I have a Patreon, here, where you can subscribe to support my security and systems-focused writing.  You sign up for a fixed amount per essay (with an optional monthly cap), and you'll be notified every time I publish something new.  At higher support levels, you'll get early access, a chance to get in-depth answers to your questions, and even for more general consulting time.

If you like the work I do, you can also support it via Flattr:

Flattr this is meI write, give talks, make art, and take photographs, and work on a number of public projects.  You can hire me to do all of these things.   © 2017 Eleanor Saitta.

Hire Me!

I'm happy to solve your application security architecture, security process, and security strategy problems.  Below are specific things I do for clients on a regular basis.  However, every client interactions is different and I'm interested in working with you to solve the problems you have and to find the engagements that are valuable for both of us.  If you know you need assistance in an area like security but you're not sure quite what you need, I'm also happy to sit down with you and figure out what you actually need and who'd be the best fit for you, regardless of whether or not it's me.

  • Product Security Design

    Product security design is the process of determining what kind of system, which security properties, and which participation or behavior structures will allow the people using the system to accomplish their goals in the world, given their adversaries.  I can work with your design team from day one to ensure that the application you design will deliver the security outcomes the people your system serves need.

  • Threat Modeling & Security Architecture Review

    Threat modeling is the core of the software security lifecycle and is where you determine if the system you've designed and architected can deliver on its security requirements.  Threat models also let you catch otherwise expensive requirements-level vulnerabilities much earlier.  I can build a threat model for your application from scratch, or improve and formalize the model you already have.  If you bring me in early in your requirements process, this threat modeling effort can significantly reduce the cost and churn of delivering a secure application.

  • Security Process Improvement

    No development team is perfect.  Whether you're just starting out or you have an experienced team looking to take their next step, I can help you achieve your goal of delivering more secure products while working within your team culture and budget.

  • Operational Security Review

    If your organization has adversaries, you need to think about how you reach your goals and balance risk and efficacy.  Regardless of the context you work in, I can help you find that balance for both digital and non-digital operational security.

  • Training

    It's important to bring skills in-house, and I can help your team learn how to use and create threat models and how to work with the security design process.

I've been working in application security since 2003 and doing research around threat modeling and security architecture since 2004.  In 2012, I moved to the NGO sector and started working with high-risk teams, looking at operational security, cross-domain challenges, and the specific demands of high-risk and decentralized systems, and in 2016 I brought those skills back to the commercial world.  Over the past decade-and-change I've worked for a number of the best-known boutique security consultancies in the business and done projects for Fortune 500 companies, early phase start-ups, NGOs working in conflict regions, and everything in between.  For more information on my background see here; for my resume, see here.  References and rates are available upon request.