Human-centered design
Building services that meet people’s needs
Approach > Cybersecurity
Building with a security-always mindset
Government agencies face persistent and increasingly malicious cybersecurity attacks that threaten government services and public confidence.
Ad Hoc gives agencies a multi-layered approach to cybersecurity that offers increased protection against a broad range of threats.
We apply security practices throughout our work, from learning about users’ security needs to building simple systems that limit risk profiles to testing security through threat modeling and automated tooling.
Areas of focus for Ad Hoc’s cybersecurity strategy:
Risk management
Threat assessment
Vulnerability assessment and management
Incident response
Penetration testing
Security information and event management (SIEM)
Automated infrastructure security
Cloud security
End-user education and training
Disaster recovery and business continuity planning
Security + digital experience
Robust cybersecurity is also a core component of effective digital services. It promotes trust, can increase user adoption, and improves the customer experience of federal services.
That is part of why cybersecurity is baked into every aspect of support Ad Hoc offers to our customers. With Ad Hoc, agencies can take a proactive approach to security rather than a checklist of activities to complete before launch. This mindset improves security, helps agencies achieve industry best practices, and supports the government’s advancement toward a Zero Trust architecture.
Collaboration
Security is a shared responsibility. Ad Hoc’s cross-functional teams bring a security mindset into sprint planning, product roadmaps, and user research sessions. This gives people the opportunity to raise security risks that otherwise might not get noticed. A collaborative cybersecurity approach strengthens and enhances the collective security posture of the entire program.
Response
In addition to robust incident response procedures, Ad Hoc runs Game Day scenarios to train the entire team on response best practices and tailor techniques to each individual program and system. Through practice and collaboration, agencies can expect better response time, availability, and overall up time for their systems.
Enablement
DevOps and cybersecurity personnel work together to establish automated tasks and tooling to look for security vulnerabilities in real-time. By using automated security testing and monitoring, we ensure that security is always at the forefront of our designs and teams are automatically notified of any security concerns. We also promote observability and analytics to enable agencies to manage cybersecurity risk by reducing the total threat surface area.
