Nurun has a formidable mission: Bring together human insight and new technology to design brilliant products and services for tomorrow. To do so, the global design and technology consultancy takes a user-centered approach to design, and combines proven methods with the latest technological advancements. But it doesn’t end there. Security also plays a key role in ensuring projects can endure the risks of the digital world. So for Thomas Ko, Nurun’s Development Manager, security training is more than a compliance requirement.
Challenge: Flexible training that engages students
“We were looking for security training courses to satisfy the security training component for PCI DSS. However, I also wanted to ensure that our developers were learning and improving their web security awareness and OWASP concepts through the training, as opposed to only satisfying a checkbox,” Ko says.
Scheduling training courses, however, proved to be a challenge. “Since our team members are on different client projects with different milestone deadlines, a good date for one team would not work for another,” Ko says. While it was important that security training didn’t interfere with revenue-generating project work, Ko recognized the value of security training and wanted assurance that employees were furthering their knowledge of security concepts.
Solution: Security Compass CBT delivers quality on demand.
Having taken security-training courses through Security Compass while at his previous employer, Ko knew that the secure software development training company met his needs for flexible, quality training.
Benefits: Flexibility makes learning easy; metrics provide assurance.
“We selected the computer-based training courses available online and accessible at our own convenience,” Ko says. “This criterion is very important to us, as it allows the team more flexibility to fit it in around their day-to-day work, as opposed to being forced to attend training at a certain time or on a certain date.”
In addition to the flexibility of the CBTs, Ko’s team benefited from Security Compass’ metrics program, which is designed to provide a quantitative measurement of how much a student learns from a course. Each learning objective is accompanied by a set of questions that serve to determine the student’s understanding of the topic. Students answer these questions in pre-assessment and post-assessment quizzes to provide a baseline from which knowledge growth can be measured. This provides Ko assurance that students will be able to apply the concepts to their work.
“The quizzes at the end of each lesson are important to solidify that the concepts are being learned, as opposed to the course material being skimmed over,” he says.
Regulatory compliance requirements like PCI DSS 6.5, which requires developers to be trained in secure coding techniques, are intended to be more than a check box item. They are meant to improve security for everyone involved, and with security training courses from Security Compass, Ko has assurance that his investment is doing just that. “The metrics gave me a general gauge on where the team was in terms of their initial web security knowledge and how much they improved after the course,” he says.