A major shipping company faced common security challenges: a reliance on expensive tools, mounting technical debt from third-party libraries, and the perpetual challenge of keeping systems secure while maintaining development velocity.
What began as a standard security engagement evolved into a transformative 18-month partnership that revolutionised their approach to secure development.
The challenge
Despite having access to security tools and processes, the company struggled with fundamental security integration issues common in modern development environments.
The development teams faced significant resistance to security changes, and existing approaches treated security as an afterthought rather than a built-in feature.
Key issues included:
- A high number of vulnerable third-party libraries
- Security treated as a post-development concern
- Heavy reliance on expensive security tools
- Resistance to security changes from development teams
- Need for sustainable, long-term security improvements
"Security should be a feature, not a fix," noted a Chaleit consultant, highlighting the fundamental shift needed in approach.
The solution
Rather than following the conventional path of implementing expensive security tools, Chaleit proposed a people-first approach focused on sustainable transformation.
Cultural and process changes
- Worked directly with development teams to build security awareness
- Created comprehensive documentation and how-to guides
- Established security as a core feature in the development process
- Implemented threat modeling at the design phase
Technical implementation
- Introduced code review practices outside the regular penetration testing cycle
- Implemented efficient third-party library management
- Utilised a strategic combination of open-source and trial tools
- Created customised security blueprints for development teams
The program emphasised collaboration and knowledge transfer, ensuring that security became an integral part of the development process rather than a bolt-on addition.
The outcome and aftermath
The transformation yielded measurable improvements across several areas.
Security posture
- Reduced vulnerable dependencies from 250-300 to less than 40 per repository
- Achieved clean scan results regardless of which scanning tool was used
- Integrated security considerations into initial design phases
- Established sustainable security practices
Cost savings
- Avoided $250,000+ in security tool investments
- Eliminated the need for expensive proprietary solutions
- Created sustainable, cost-effective security processes
- Maximised value from existing resources
Organisational impact
- Transformed security from a barrier to an enabler
- Enhanced developer understanding and buy-in
- Created self-sufficient security-aware development teams
- Established reproducible security frameworks
What made this engagement particularly successful was its focus on people over tools.
Rather than implementing expensive security solutions, we helped the client build internal capabilities and establish sustainable practices that delivered better results at a fraction of the cost.
Key takeaways
- Security tools alone cannot solve fundamental security challenges.
- Significant security improvements can be achieved without massive tool investments.
- Sustainable security requires cultural and process changes.
- Developer collaboration yields better results than top-down security mandates.
- Success depends on treating security as a feature rather than a fix.
- Collaborative, hands-on cyber security services yield richer results than rigid tool implementations.
The engagement demonstrates how DevSecOps can transform security from a costly overhead into a valuable business enabler. Through systematic improvement and focus on people, the client achieved better security outcomes while avoiding significant ongoing tool costs.