Case Study

How Thoughtworks and Coalfire Optimize Risk Management

June 12, 2023

Thoughtworks, a global technology consulting firm known for pioneering the agile programming movement, recognized the need for more continuous and automated penetration testing to address the ever-evolving security challenges faced by many digitally driven organizations. In collaboration with Coalfire, Thoughtworks embarked on an offensive security journey to further enhance protection of its internal and external development security operations.

Increasing adoption of distributed cloud environments means an expanded attack surface that presents more opportunities for bad actors. Traditional security approaches have lost their effectiveness in preventing cybercrime. As an open-source pioneer and thought leader in cloud-driven AppDev and the Zero Trust movement, Thoughtworks has always recognized the importance of integrating an offensive adversary mindset and implementing ongoing penetration testing as a vital part of its risk management toolkit.

From Thoughtworks’ Decoder section on its website:

A business cannot use ‘hope as a strategy’ anymore to prevent cybercrime. Neither is it merely a question of using virus checkers and a firewall. If you use penetration testing regularly throughout your systems’ lifespans and continually upgrade your strategy, pen testing can form a vital part of your risk management toolkit.

Like rainwater soaking into the ground, attackers are exploiting every weakness and penetrating cloud environments with alarming skill and speed. Previously used defensive cyber postures are becoming obsolete – Thoughtworks recognized a need to integrate today’s offensive adversary mindset into better protecting internal and external development security operations.


Security goes to the heart of trust in the relationship we build with our customers.

Nitin Raina, Global CISO, Thoughtworks

For Thoughtworks, security is more than just table stakes for its clients. Working with its cloud service provider and Coalfire on modernizing its cyber program and risk posture, Thoughtworks:

  • Strengthened its ability to think like an attacker through alternative analysis and emulation.
  • Implemented an enhanced pen testing program using Coalfire's advanced automated platform and cross-industry offensive security expertise.
  • Simulated individual attack patterns and long-term scenarios based on the Thoughtworks threat model, including specific adversaries and Advanced Persistent Threats (APTs).
  • Strengthened its vulnerability management program to identify and address new hosts, runtimes, protocols, cloud misconfigurations, and anomalous behaviors.
  • Implemented enhanced threat hunting activities to detect indicators of compromise, improve detection capabilities, and minimize attacker dwell times.
  • Improved upon its ongoing red teaming and purple teaming exercises from the perspective of an attacker.
  • Increased engagement of its engineering teams in remediating complex findings, treating security issues in the development lifecycle as urgent situations that require immediate attention.


Thoughtworks relied on the MITRE ATT&CK® framework to refine its vulnerability stacks, using them to inform and sharpen its defensive capabilities, align them with specific threat models, and improve its offensive strategies.

“We believe in emulating adversaries for defensive purposes and challenging our systems at every stage,” said Raina. “Best-practice pen testing has to be ongoing, always increasing the security IQ of our clients and our company.”


By partnering with Coalfire, Thoughtworks achieved notable improvements and benefits, including better time-to-remediation and a reduction in risk scores aligned with business outcome prioritization. Additional advantages include:

  • Measurable enhancements in program maturity through automated external pen testing, emulation, and red teaming, resulting in improved attack surface visibility.
  • Enhanced validation tools for oversight and reporting to the board and C-suite.
  • Additional continuous and on-demand assurance to executives, partners, and customers, demonstrating the company's ongoing commitment to protecting the supply chain and high-value assets.
  • Increased awareness of the evolving threat landscape through dynamic vulnerability assessments and faster real-time response capabilities.
  • Heightened customer trust in the company's business resiliency.


As Thoughtworks leans into a modern, holistic offensive security program, my team is striking a balance between risk reduction and adversary simulation. Thanks to our alignment with the right partner – Coalfire – the implementation of repeatable, platform-based pen testing is helping us better eliminate vulnerability fatigue and avoid the pitfalls of chasing too many false positives.

Nitin Raina, Global CISO, Thoughtworks

As network perimeters in complex computing environments dissolve, the best defense now lies in adopting offensive strategies. In collaboration with Coalfire and its cloud provider, Thoughtworks has embraced a more offensive security program that encompasses even greater continuous testing, enabling them to more effectively manage their attack surface, safeguard products throughout their lifecycle, and build trust with their customers.

As network perimeters continue to disintegrate in today’s complex, hybrid computing environments, it’s become impractical to defend against every threat. The best defense is now a better offense. Leaders like Thoughtworks are accelerating their adoption of offensive strategies defined by programmatic adversary emulation and continuous enterprise penetration testing.

Mark Carney, Executive Vice President, Coalfire