
Introducing AppSec Assurance Strategy Led by Brook S.E. Schoenfield

Updated: Jun 20

We’re excited to announce the launch of our AppSec Assurance Strategy services. This offering rounds out our existing tooling and managed AppSec programs, shifting security not only left in the development cycle but all the way to the foundations of an organization’s engineering practices.

Why AppSec Strategy?

Threats have grown more frequent, and as a result AppSec has grown increasingly complex and needs to be coordinated across disciplines. It’s no longer enough to focus on it in a product security team alone. A robust AppSec assurance strategy ensures that everyone plays a part in protecting products, systems, users, and credibility.

What Does AppSec Strategy Look Like?

The main components of our offering are:

Threat Modeling

We analyze your product, application, system, or business model to derive an appropriate security architecture so that you can defend attack surfaces, protect assets, and prepare for threats.

Best Practices & Maturity

We look at your existing application security practices and systems to discover gaps and improve effectiveness.

Program Oversight

We operate within your program with the benefit of AppSec industry experience and an outside perspective, to ensure performance accountability.

Leadership Development

We make sure that you don’t have to rely on us alone: our training develops and elevates internal leaders in secure design and technical security.


We build up your entire team through intensive, practical training in all of the above.

Meet Brook S.E. Schoenfield

Brook is the Principal Software Security Strategist and Strategy Practice Leader at True Positives. You may already know him as a recognized software security expert in the industry, with several books published on the subject. You can read more about him in his first post with us, Growing Up AppSec.

His team’s goal is to bring hard-to-source AppSec strategy experience to firms of all sizes, to help level the playing field in trust and data protection in a way that’s practical, constructive, and budget-friendly.

Ready to see how AppSec strategy fits at your firm?

Get the AppSec Assurance Strategy Service Brief (here).

Arrange a NO FEE Consultation (here)

About True Positives, LLC.

True Positives (aka T+) is an application security consultancy specializing in test automation and assurance services. We support security teams and toolmakers alike to help the entire industry shift left and beyond.



Call: (360) 557-3918

