If you work in AppSec, you are likely facing the same challenges as most other software organizations: you have limited staff and resources responsible for application security but shoulder the responsibility to reduce risk for the entire organization. It’s an especially difficult spot to be in when you are short-handed – and approximately 43% of cybersecurity positions are unfilled, according to recent data. This leaves most organizations with little choice but to ensure their current employees are ready to meet the challenge by up-skilling them.
Luckily, employees themselves are already asking for that training. According to a recent survey, most employees involved in software security think that their organizations need to make training their top priority.
When it comes to Application Security, training only the developers… doesn’t work.
The Software Development Lifecycle (SDLC) is a structured system of processes and responsibilities, from analysis and design to development, testing, and deployment. Any piece of software can become vulnerable at any point in the life cycle, so secure coding is absolutely essential. But it is also the bare minimum to achieve success since so many non-coders are engaged in the development process. Product Owners, UX designers, QA Engineers, Testers, Data Administrators, Back-end developers – the list goes on. Shouldn’t they have a responsibility to secure the software, too?
A Framework for Change
Consider the “Golden Triangle,” or people, process, technology (PPT) framework. In short, to make a permanent change in your organization, you must consider the balance of people, processes, and technologies required to make that change.
If you train developers to write safer code but leave the actual responsibility for secure coding to cybersecurity specialists, you may be missing crucial elements leading to security threats down the line. The developers may or may not decide to change their coding behavior, so it is up to you to implement a more holistic secure coding process involving all necessary stakeholders. Follow this example and evaluate the people, processes, and technologies you’re using to effect permanent digital transformation.
The Security Innovation Difference
Since 2001, Security Innovation has been a trusted leader in software security mitigation and training – enabling a full one-third of the Fortune 500 to produce better, safer software. In fact, we literally wrote the book on AppSec training when we published the industry’s first security testing methodology back in 2003, How to Break Software Security, which is still available at your favorite online bookseller.
Two decades later, Security Innovation offers the most extensive training library in the industry. We host over 225(!) training courses covering the people, processes, and technologies required to produce highly secure software in an ever-increasingly hostile environment.
In addition, our CMD+CTRL Cyber Range continues to be one of the most popular cybersecurity training tools available anywhere. Thousands of players have experienced these ultra-realistic ranges, which are intentionally filled with flawed designs, defenseless code, and misconfigured deployments. Each cyber range tempts players to exploit the vulnerabilities, but the true gain is the real insight into how connected software functions and fails with respect to security.
Introducing CMD+CTRL Base Camp
Following this tradition, we are today announcing a brand-new learning platform called CMD+CTRL Base Camp. Base Camp is a single place where learners can experience everything CMD+CTRL has to offer, including our Courses and Cyber Range, as well as a new collection of over 30 scenario-based Labs designed to help learners gain hands-on practical experience to reinforce their training.
Through Base Camp, all these different modules can be combined into Learning Journeys, which not only keep learners more engaged than ever before but also provide a much fuller and more immersive learning experience. Plus, each journey is individualized to skill sets and roles across the entire software development lifecycle. Now, Base Camp can modernize and up-skill the cybersecurity talent of your entire organization – not just those nearest to the code. It also helps to promote a vibrant security culture by guiding your entire team through learning experiences that provide real-world connections to their day-to-day jobs.
Not Just Safer Code – Safer Software
This brings us back to the Golden Triangle. Not only are we training your coders, but we are also training everyone in the entire software organization. As part of the experience, we show how each member can contribute to a new, secure process that overlays and supplements your current development lifecycle. Lastly, we can train regardless of the technology: front-end, back-end, mobile, database, web developers, etc. Base Camp even allows coders to choose the programming language they wish to use.
As with all CMD+CTRL products, our true goal is to show our customers how to safely develop software using modern techniques and methodologies. With Base Camp, you’ll enjoy an up-skilled workforce, safer software, and a much safer organization. Most importantly, you’ll enjoy a new vibrant security culture that pervades the entire organization.
About Jason Shepard, Product Marketing Manager
Jason Shepard is a Product Marketing Manager at Security Innovation. A Seattle sports enthusiast, he considers the Mariners, Seahawks and University of Washington Huskies as his primary pastimes. He also drives Uber for fun on the weekends.