If you teach a man to fish
he’ll eat for a lifetime.
How to choose the right type of
software security training
Threat agents are getting smarter. Are you?
Staying ahead of cyber attacks requires continuous
learning.
Are you building a software security culture?
You need to build the software security skills of everyone
involved in developing, licensing, or managing software.
If you need more application security skills, you
aren’t alone*.
[Bar chart: "What types of skills are you seeking to add to your organization?" Categories: In-house, Consultant, Cloud services. Y-axis: percentage of respondents, 0 to 100. Source: SANS]
Training has a measurable return on investment
• Reduces the risk of a cyber attack by up to 70%.*
• Reduces the cost of a data breach by $8 per record
(from $154 to $146).**
• Helps reduce staff turnover, lowering the cost of hiring and
onboarding hard-to-find cybersecurity talent.
*Ponemon
**Wombat Security Technologies and the Aberdeen Group
How will your team
learn to fish?
What do mature software security initiatives do?
The Building Security In Maturity Model (BSIMM) has
measured over 100 firms to see how they handle software
security training.
See what we found out on the next slide.
How does your training program compare?
BSIMM Training Activity Participation Rate
(share of measured firms performing each activity)

Least mature software security initiatives
  Provide awareness training.                                                           76%
  Deliver role-specific advanced curriculum (tools, technology stacks, bug parade).     33%
  Create and use material specific to company history.                                 22%
  Deliver on-demand individual training.                                               46%

Somewhat mature software security initiatives
  Enhance satellite support in the organization through training and events.           13%
  Include security resources in onboarding.                                            19%
  Identify satellite through training.                                                  8%

Most mature software security initiatives
  Reward progression through certification or HR.                                       4%
  Provide training for vendors or outsourced workers.                                   4%
  Host external software security events.                                               4%
  Require an annual refresher.                                                         10%
  Establish office hours for the Software Security Group.                               5%
Which style of training is right for your team?
There are many ways to build software security expertise.
The training format you choose depends on your goals,
participants’ needs, timing, and budget considerations.
See the full spectrum of training styles on the next slide.
Training Spectrum

From minimal knowledge transfer (least resources required) to maximum knowledge transfer (most resources required):

  Web searches
  eLearning
  Recorded instructor-led courses
  Packaged instructor-led courses
  Custom instructor-led courses
  Consulting
  Staff augmentation
A deep dive into two
training styles
Instructor-led training is like
fishing with a spear.
It focuses on specialized skills for small groups.
7 benefits of an instructor-led training approach
1. Your curriculum can be customized to match your organization’s
security policies and practices.
2. Instructors can adjust lessons “on-the-fly” to meet the needs of specific
students or unexpected questions.
3. Students can fully engage in training without distractions.
4. Learning is reinforced with real-time discussions with instructors and
other students.
5. Students can work together in teams to problem-solve, developing
communication and collaboration skills.
6. Students can participate on-site or remotely via video conferencing.
7. You can record sessions and share them with other participants.
Who uses instructor-led training?
• Organizations that want to create a pool of software security
experts, including secure software development and architecture.
• Teams that are cross-training IT staff for a cyber security career
path.
• Managers and evangelists who will be responsible for spreading
new ideas and practices among the rest of their team.
eLearning is like fishing with a net.
It trains more people with a broad-based
approach.
7 benefits of an eLearning training approach
1. More students can join classes, regardless of where they live or
work.
2. Everyone receives the same instruction, so you know all students
achieve a minimum level of knowledge.
3. Students can learn at their own pace, pause, or review as needed.
4. Individual participation and performance can be tracked and
measured.
5. Courses can be updated to reflect new topics and examples.
6. Often less expensive, with no additional travel costs.
7. Does not require time away from work.
Who uses eLearning?
• Teams that welcome new hires—particularly entry-level developers
and IT staff—to build a strong security foundation and reduce
onboarding time.
• Organizations with third-party development shops and contractors
that require all partners to follow consistent security practices.
• Highly regulated organizations that need to demonstrate security
compliance training for all employees.
Ready to embrace software security
training hook, line, and sinker?