We have expanded our content library and strengthened software security training programs across the globe.

Leading up to our final quarterly content library update, we released 50+ new courses to close cybersecurity skills gaps within their workforce. Today, roughly 3,500 partners are providing over 3 million licensed users with quality training that meets their needs and provides clear guidance on different aspects of workforce development.

This quarter’s release focuses on key elements which initially shaped our 2020 Roadmap, including::

  • Secure Coding Interactivity: Challenges developers to find and fix vulnerabilities in code based on learned knowledge
  • Information Security Compliance: Maintain compliance with evolving frameworks and regulatory requirements and reduce organizational exposure
  • Emerging Technologies: Learn object-oriented and scripting languages that are quickly becoming industry mainstays
  • DevSecOps Practices: Master tools and methods that calibrate agility with security

Secure Coding Interactivity

To provide a more impactful learning experience, we continually strive to include media components that simulate on-the-job scenarios specific to the learner’s role. In our object-oriented programming language courses, developers need to apply newly gained knowledge to identify vulnerable code and remediate in a way that it is no longer exploitable.

Updated Secure Coding Courses:

Information Security Compliance

Understanding what regulations to adhere to or best practices to follow as part of compliance efforts can be overwhelming. With organizations continually struggling to keep pace with changes to common cybersecurity frameworks and regulatory requirements, the demand for focused training to help stakeholders achieve compliance continues to grow.

In an effort to enhance global payment account data security, the PCI SSC replaced the PA-DSS with a new collection of standards and programs for the secure design and development of payment software titled the PCI Software Security Framework (PCI SSC). These changes have left organizations scrambling for guidance on how to ensure effective implementation by stakeholders.

PCI SSC mandates that developers protect cardholder data at all times by minimizing the storage of cardholder data and taking necessary precautions to protect it. Additionally, control objectives require that all software activity involving critical assets must be tracked, and any methods that may expose sensitive data should also be tracked. Unfortunately, protecting the integrity of event datasets and analyzing records in order to detect attacks in real-time can be challenging. Implementing Secure Software Operations is critical for software security stakeholders to detect, respond to, and investigate attacks.

While OWASP offers a plethora of guidance on application security through its community-led open-source software projects, organizations still struggle with the specific methods needed to build security in and identify vulnerabilities pre-release. OWASP Application Security Verification Standard (ASVS) is designed to provide a basis for testing web application technical controls via a list of requirements for secure development. Despite the efforts of this project, Privacy and Cybersecurity Management struggle to provide necessary guidance and training to ensure they meet ASVS requirements. Recognizing this knowledge gap our ASVS Requirements for Developers course will address this need while providing an understanding of ASVS levels and how the requirements can be used to audit applications and establish procurement metrics on an ongoing basis.

Cloud Governance & Compliance
As Enterprises continue to expand their cloud operations, governing cloud services while adhering to policies and procedures becomes more complex. While cloud governance frameworks can provide short- and long-term organizational benefits, they can be difficult and timely to implement. A key challenge organizations face is understanding which security controls should be implemented by individuals within the cloud supply chain. The release of Meeting Cloud Governance and Compliance Requirements provides cross-functional teams with the on-practice skills required to ensure effective cloud adoption.

DevSecOps Practice

As Developers and IT teams continue to “shift security left”, they must identify the appropriate tools and processes to integrate security into the full CI/CD pipeline. We released two courses to help teams better understand modern security threats and how to address them in order to meet compliance requirements while developing a DevSecOps mindset.

Updated Secure Coding Courses:

Emerging Technologies

While programming languages like Java, Python, Ruby, PHP, C#, and C++ remain prevalent, new languages, frameworks, and libraries are increasingly being employed. The three we focused on for this release are Kotlin, Angular, and React.

Kotlin is a favored option for building android applications because of its interoperability with java code, maintainability, reliability, and ability to boost team efficiency. However, it introduces its own set of challenges (as does any new technology) which we address in our Create Secure Kotlin Applications course.

Widely preferred amongst software development communities for their ability to bring the web to life, JavaScript frameworks such as Angular continue to emerge as popular front-end frameworks. While the TypeScript-first policy of Angular helps spot and eliminate common mistakes, this approach generates much criticism amongst the development community thus driving the importance to Develop Secure Angular Applications following software assurance best practices.

While frameworks provide a set of tools to form web sites and applications, open-source libraries like React provide a component-based architecture that makes it easier to create interactive user interfaces. However, the way components are managed and limited technical documentation makes it difficult for even the most proficient developers to Create Secure React User Interfaces.

What’s coming in 2021?

Maintaining our promise to provide expert and up-to-date content, our roadmap continues to be driven by customer feedback and industry trends.

None of this would be possible without you. Thank You!

In addition to keeping our current catalog accurate and timely, 2021 will usher in a new platform to help Executive Cyber Leadership better manage staff security competency. It will provide in-depth learning and hands-on practice for learners which highlights professional development through personalized experiences. Managing a training program from a centralized location that will make it easy to measure progress, streamline operations, prioritize cyber tech trends, and retain talent through professional development.

Want more detail? Check out our course updates in-depth.