There aren't enough security experts to fill the more than 1 million open cybersecurity jobs. If you’re lucky enough to have security staff, it’s important to keep them motivated and learning. To do that, you need to know what options are open to you. We’ll take a dive into training options so you can pick what’s right for your staff and your organization.
How to Choose the Right Security Training for You
1. If you teach a man to fish
he’ll eat for a lifetime.
How to choose the right type of
software security training
2. Threat agents are getting smarter. Are you?
Staying ahead of cyber attacks requires continuous
learning.
3. Are you building a software security culture?
You need to build the software security skills of everyone
involved in developing, licensing, or managing software.
4. If you need more application security skills, you
aren’t alone*.
[Chart: What types of skills are you seeking to add to your organization? Labels: In-house, Consultant, Cloud services]
*SANS
5. Training has a measurable return on investment
• Reduces the risk of a cyber attack up to 70%.*
• Reduces the cost of a data breach by $8 per record
(from $154 to $146).**
• Helps reduce staff turnover, lowering costs of hiring and
onboarding difficult-to-find cybersecurity talent.
*Ponemon
**Wombat Security Technologies and the Aberdeen Group
7. What do mature software security initiatives do?
The Building Security In Maturity Model (BSIMM) has
measured over 100 firms to see how they handle software
security training.
See what we found out on the next slide.
8. How does your training program compare?
BSIMM training activity and participation rate
Least mature software security initiatives
• Provide awareness training: 76%
• Deliver role-specific advanced curriculum (tools, technology stacks, bug parade): 33%
• Create and use material specific to company history: 22%
• Deliver on-demand individual training: 46%
Somewhat mature software security initiatives
• Enhance satellite support in the organization through training & events: 13%
• Include security resources in onboarding: 19%
• Identify satellite through training: 8%
Most mature software security initiatives
• Reward progression through certification or HR: 4%
• Provide training for vendors or outsourced workers: 4%
• Host external software security events: 4%
• Require an annual refresher: 10%
• Establish office hours for the Software Security Group: 5%
9. Which style of training is right for your team?
There are many ways to build software security expertise.
The training format you choose depends on your goals,
participants’ needs, timing, and budget considerations.
See the full spectrum of training styles on the next slide.
13. 7 benefits of an instructor-led training approach
1. Your curriculum can be customized to match your organization’s
security policies and practices.
2. Instructors can adjust lessons “on-the-fly” to meet the needs of specific
students or unexpected questions.
3. Students can fully engage in training without distractions.
4. Learning is reinforced with real-time discussions with instructors and
other students.
5. Students can work together in teams to problem-solve, developing
communication and collaboration skills.
6. Students can participate on-site or remotely via video conferencing.
7. You can record sessions and share them with other participants.
14. Who uses instructor-led training?
• Organizations that want to create a pool of software security
experts, including secure software development and architecture.
• Teams that are cross-training IT staff for a cyber security career
path.
• Managers and evangelists who will be responsible for spreading
new ideas and practices among the rest of their team.
15. eLearning is like fishing with a net.
It trains more people with a broad-based
approach.
16. 7 benefits of an eLearning training approach
1. More students can join classes, regardless of where they live or
work.
2. Everyone receives the same instruction, so you know all students
achieve a minimum level of knowledge.
3. Students can learn at their own pace, pause, or review as needed.
4. Individual participation and performance can be tracked and
measured.
5. Courses can be updated to reflect new topics and examples.
6. Often less expensive and doesn’t include additional travel costs.
7. Does not require time away from work.
17. Who uses eLearning?
• Teams that welcome new hires—particularly entry-level developers
and IT staff—to build a strong security foundation and reduce
onboarding time.
• Organizations with third-party development shops and contractors
that require all partners to follow consistent security practices.
• Highly regulated organizations that need to demonstrate security
compliance training for all employees.
18. Ready to embrace software security
training hook, line, and sinker?