Building with a security-always mindset

Blocky, the Ad Hoc mascot, holding a key while walking to a window with a cybersecurity shield and lock symbol on it.

Government agencies face persistent and increasingly malicious cybersecurity attacks that threaten government services and public confidence.

Ad Hoc gives agencies a multi-layered approach to cybersecurity that offers increased protection against a broad range of threats.

We apply security practices throughout our work, from learning about users' security needs to building simple systems that limit risk profiles to testing security through threat modeling and automated tooling.

Areas of focus for Ad Hoc’s cybersecurity strategy:

  • Risk management
  • Threat assessment
  • Vulnerability assessment and management
  • Incident response
  • Penetration testing
  • Security information and event management (SIEM)
  • Automated infrastructure security
  • Cloud security
  • End-user education and training
  • Disaster recovery and business continuity planning

Security + digital experience

Robust cybersecurity is also a core component of effective digital services. It promotes trust, can increase user adoption, and improves the customer experience of federal services.

That is part of why cybersecurity is baked into every aspect of support Ad Hoc offers to our customers. With Ad Hoc, agencies can take a proactive approach to security rather than a checklist of activities to complete before launch. This mindset improves security, helps agencies achieve industry best practices, and supports the government’s advancement toward a Zero Trust architecture.

Ad Hoc’s approach


Security is a shared responsibility. Ad Hoc’s cross-functional teams bring a security mindset into sprint planning, product roadmaps, and user research sessions. This gives people the opportunity to raise security risks that otherwise might not get noticed. A collaborative cybersecurity approach strengthens and enhances the collective security posture of the entire program.


In addition to robust incident response procedures, Ad Hoc runs Game Day scenarios to train the entire team on response best practices and tailor techniques to each individual program and system. Through practice and collaboration, agencies can expect better response time, availability, and overall up time for their systems.


DevOps and cybersecurity personnel work together to establish automated tasks and tooling to look for security vulnerabilities in real-time. By using automated security testing and monitoring, we ensure that security is always at the forefront of our designs and teams are automatically notified of any security concerns. We also promote observability and analytics to enable agencies to manage cybersecurity risk by reducing the total threat surface area.

Security for digital experiences

Improve your digital services by adopting a security-always mindset.

Talk to the team