BMC delivers software solutions that help IT transform digital enterprises for the ultimate competitive business advantage. BMC has worked with thousands of leading companies to create and deliver powerful IT management services.
Building secure software is an important part of providing BMC's customers confidence in the products they receive. That is when BMC reached out to Security Compass to see if we could help support BMC’s security education needs.
Challenge: Security education that is attractive and easy to understand
BMC wanted a strong foundation for development teams to keep up with the ever-changing world of software security threats, something that could integrate easily into current security processes. "We don’t want to solely rely on security results from penetration tests to fix security bugs," said Ulf Viney, VP R&D Quality for BMC Software, "there is a need to provide teams with more accessible knowledge in a way that helps them understand the foundations of what AppSec threats are and to be able to recognize what they look like."
When asked what advice Ulf would provide to organizations facing the same challenges, he expressed the importance of getting the right decision makers to evaluate the content. "Most of the questions coming back from teams were asking how this course is relevant to developers, and to the business. It is really helpful to get the right people to try the course out, understand the security team’s goals and demonstrate business value to the leaders."
Solution: Smart, friendly eLearning that compelled teams to express feedback
Security Compass’s eLearning help BMC build towards their goals of delivering high quality, secure software to customers. "It is common for our customers to ask if our development teams go through security training and Security Compass eLearning can be a part of assuring our customers that our teams understand this application security knowledge," said Ulf.
The response to Security Compass eLearning is very positive, helped by the modular design and friendly way of presenting business risk to students. "We know that we are adding work to people plates. Our teams have other training they need to go through as well, but for (Security Compass eLearning), we received e-mails and phone calls from people saying this course is really good. It is very well laid out, simple, and great examples to help them understand the broad overview of Top 10 AppSec risks."
It was also key for BMC to measure adoption and promote the education to the business. BMC was able to work with Security Compass’s, Donnie Whitehall, LMS Support Specialist who helped ensure rollout was successful. "Donnie reminding us with meetings to follow up was amazing, it encouraged us to create dashboards to measure adoption and generate regular reports, this helped make implementation much quicker," said Ulf.
BMC has been growing it’s investment and attention to Application Security in its product teams. BMC is investing in resources to support various types of testing, resources to handle their threat response program, and resources to investigate and implement tooling. As Ulf says, "We are also ensuring that the knowledge to support this program is not just with the BMC AppSec team and so this is why we have been investing in training for our Developers, QA and Support staff. We want to continue to build a sustainable way to handle the ever evolving application threats that can and will affect the products we build and sell to our customers. Our customers expect us to deliver secure product and we believe that with the investments we are making we will improve our application security posture in our products each and every release." Security Compass continues to work with BMC to help them achieve their business goals of building high quality software for their customers.