Our Practitioners

Toby Irvine

Product Security Specialist

Toby is the CEO and one of the co-founders of Secure Delivery. He has spent (well) over 20 years in secure software engineering, designing and building large scale on-premise and cloud systems across many industries. He’s established & managed secure engineering and security engineering functions in highly regulated organisations.

He’s trained technical and non-technical delivery roles across the Americas, EMEA and APAC in modern application security practices and founded Secure Delivery to bring both strategic advisory and proven training in modern application security thinking, practices and tooling to regulated organisations.

He’s the author of HSBC’s Secure Development Handbook—the “field guide” to secure application development at one of the largest banks in the world, in use by 30,000 software developers across 68 countries.

He has a deep passion for education and ensuring everyone involved in technology product and service delivery understands how to ensure things are as secure as they need to be. He believes that no one should have their personal data or money stolen or lose access to the vital services and products they depend upon from a security incident. As part of this mission he is project lead for the OWASP Open AppSec Curriculum, a joint industry and academia effort to define the essential security knowledge required for people involved in building software systems.

  • Digital Product Security
  • Security Engineering
  • Secure Product Management
  • Secure Technology Leadership
  • Training & Development
  • Financial Services
  • Banking
  • Transport
  • Telecoms
  • Medical
  • Retail
  • Media

Skills & Certifications
  • Enterprise Software Development
  • Cloud Security & Architecture
  • Technology Leadership
  • Data Engineering
  • Automation

Articles by Toby Irvine

Security, Secrets, Best Practices

The Lost Art of Keeping a Secret

Benjamin Franklin said that three people can keep a secret only if two of them are dead. If you want to keep your teammates around, let's look at handling secrets in product development.

Security, DevSecOps, DevOps

What is DevSecOps? (And DevOps)

The IT industry has a history of taking simple practices and turning them into monstrous delivery frameworks with little of the original left. We'll wind back to see what's really going on.

Security, Product, Quality

Securing the Digital Factory: Part 1

Analogies are terrible, but the factory one has shown some use in software engineering. Let's gird our analogous loins and take a look at how we secure this digital factory.

Security, Process

Chesterton's Fence, and Monkeys

It can be hard to know how to change your ways of working to be more secure. Here we look at the types of security controls and what monkeys have to teach us about processes.

Security, Organisations

How to Scale Product Security Across …

Your security team is overloaded. There are barely enough hours in the day to keep up with incoming requests, let alone improve ways of working. What's the cause of this?

Security, Networks

What is The Cloud? (it's Zero Trust)

The internet is a scary place. Thankfully we've got all our services on a private network and only accessible over a dedicated link. That's more secure, right? Right? Oh no...

Security, Process

The Chaos Butterfly of Security …

We specifically requested that things must be secure. It's detailed at length in our security policies and standards on Sharepoint. Why aren't things more secure?

Security, Delivery

The Biggest Misconception in …

Your instinct for safety isn't necessarily correct. Delivering slowly isn't more secure, it's fearful, and if you're afraid of changing a system then the system is not secure.

Security, Product, Organisations

Building a Culture of Quality, Not Just …

In this article we explore the concepts of quality and culture within an organisation. And, in a startling break with tradition, actually define what they are and how to change them.

Security, Product, Organisations

Number of Data Breaches is not a Good …

It's hard to manage product security if all you have is a lagging indicator of it. Reacting to data breaches is not planning ahead. How do you know that things are being built securely?


Some feedback from our clients.

People are at the centre of digital product security. Our approach means we work directly with the people making decisions, building and influencing product development.

We love to work with these teams and we love to hear from them as to how they've found working with us. Here are some examples of the feedback we get from teams across our clients' organisations.


I like how you tied back Security to the four metrics in Accelerate as well as SRE principles, that was very clear. I was actually already planning to recommend you to some people in my network :)

SRE Energy Sector
Engineering Foundations Course

[Practitioner] clearly has a wealth of expertise in application security, and uses this very effectively to provide a highly informative course that includes insights and recommendations specific to our business domain. I am confident that other business domains would be equally served due to [Practitioner]'s range of experience.

Engineering Medical Equipment & Devices Sector
Decision Makers Foundations Course

The hands-on sessions of seeing an issue and then fixing it in the code really brought it to life. Letting us do the fixing rather than watching keeps you involved, I thought the site was excellent.

Engineering Retail Sector
Secure Coding Workshop

[Practitioner]'s knowledge and experience is exceptional. I really liked the Case Studies. I could always use more.

IT Management Medical Equipment & Devices Sector
Decision-Makers Foundations Course

Good to refresh and increase knowledge, labs were enjoyable and illustrated the points well.

Engineering Energy Sector
Secure Coding Workshop

[Practitioner] was engaging, knowledgeable and great to listen to and work with.

Engineering Retail Sector
Engineering Foundations Course

Great news, the amazing [Practitioner] from Secure Delivery has agreed to deliver security training again this year!

Tech Leadership Energy Sector
Engineering Foundations Course

Security is part of delivery

and we'll help make it happen

If you'd like to find out more about securing and raising the quality of your digital product delivery to stand out from the competition then get in touch with us. We'd love to have a chat about our proven approach and see how we can best help your organisation succeed.