Secure Delivery Review - Insurance
Sector: Insurance
Role: Lead Consultant
Engagement Type: Structured Assessment and Strategic Advisory
From fuzzy architecture and fragmented ownership to a clear roadmap for secure, scalable delivery - through a tailored, AI-supported review that built trust across teams and stakeholders.
The Challenge
A global insurance mutual needed a clear view of the risks hidden in its delivery pipelines and architecture - without slowing down change. Over time, responsibilities blurred, feedback loops weakened, and the clarity that once kept systems safe had faded.
The application in focus was business-critical and hosted in the cloud, talking to an on-premises back-end. Architecture clarity had faded, cyber responsibilities had become implicit, and confidence in the delivery process was inconsistent.
The organisation wasn’t in crisis, but it wanted a trusted outside view:
- Where are our risks?
- Are we operating in line with our expectations?
- How can we improve delivery while staying safe?
The Starting Point
- The architectural map didn’t match reality - some diagrams were outdated, others didn’t exist
- CI/CD pipelines were in place, but lacked consistent guardrails for testing or security
- No single owner for access control or identity - critical roles were assumed, not managed
- Feedback loops between dev, ops, and product were fragile - issues got fixed, but not learned from
- Key delivery knowledge lived in people’s heads, not shared systems - fragile and hard to scale
What I Did
Designed a Review Format Built for Trust and Change
- Created a tailored Secure Delivery Review - not an audit, but a strategic conversation
- Built interview guides, walkthrough templates, and a maturity model focused on real-world delivery risk
- Grounded the approach in software realities - not just cyber frameworks
Ran a Deep-Dive Assessment Across the Flow of Change
- Led structured interviews and walkthroughs across engineering, product, architecture, QA, and ops
- Assessed delivery maturity across seven dimensions - from secure SDLC to operational feedback loops
- Used AI tools to accelerate analysis, reduce bias, and surface patterns from fragmented sources
Delivered Insight That Drove Action
Produced a board-ready report with:
- A visual maturity snapshot
- Clear thematic findings with evidence
- Prioritised recommendations: Quick Wins and Strategic Enablers
- Every recommendation framed in business-first terms, showing risk reduction and delivery impact
What Changed
From Blind Spots to Shared Clarity
- Surfaced delivery and cyber risks that had never been formally captured
- Unified technical and non-technical teams around a credible maturity snapshot
From Gut Feel to Board-Ready Roadmap
- Equipped leadership with a prioritised action plan - balancing risk, effort, and value
- Made next steps visible, actionable, and owned across departments
From Uncertainty to Trust
- Earned greater trust for engineering by showing they could own and evolve delivery safely
- Reframed the review from a one-off assessment to a reusable strategy tool
Reflections
In regulated environments, ambiguity is a risk vector. This engagement showed how structured insight - delivered clearly and credibly - can align teams, expose hidden gaps, and turn delivery risk into leadership confidence. When reviews build trust instead of fear, change becomes not just safer, but faster.
A Bespoke Application of The Friction Index
This review was an early, tailored deployment of what’s now The Friction Index - adapted for a regulated environment with heightened security concerns.
The Friction Index framework proved flexible and effective here - surfacing cyber risks, clarifying architecture, and aligning leadership around actionable next steps.
→ See how the framework was developed: AI-Driven Delivery Review
If you’re facing delivery risk or architectural uncertainty, or want to improve how change flows through your systems, I can help.