SquareTwo Financial focuses on accelerating financial asset recovery through industry-leading security and compliance practices, and award winning technology to help their customers remedy their outstanding debt.
"We take our customer data security very seriously," says Laura, SquareTwo Financial’s Application Development Manager responsible for half of the development team.
Challenge: Security awareness while addressing key compliance drivers
The business requirement that Laura needed to address were two-fold. The first was the need to raise Security Awareness for developers and the second was addressing Payment Card Industry (PCI) Training requirements. "It is always good to ensure developers code in a secure manner but we also had this PCI need, so we were looking for a way to merge both," said Laura.
Solution: Tailored training and transparency by Security Compass
Laura evaluated vendors for PCI Security Awareness Training and Security Compass got her attention after reviewing the free OWASP Top 10 online course. "The best thing about Security Compass was that I got to try the product even before any money was involved, whereas other vendors just tried to describe their courses." Laura appreciated that Security Compass had a path to expand and continue improving security as staff became more security aware, such as the possibility of using Secure Application Lifecycle Management with SD Elements.
After selecting Security Compass, the flexibility of the tailored learning program has impressed Laura, "When we started, some staff would jump straight to the quiz but find that they might not know all the answers… Humbled, they would then go into the content to learn," she said.
Security Compass’s tailored learning allows students to test their knowledge right away, and at any time they can jump into the content to learn more, helping tailor to each individual’s learning needs, especially important for large training deployments.
Benefits: PCI Compliance while sparking great conversations
After all team members completed the Training, the team has managed to gain PCI compliance for their application but more importantly, the training has sparked development teams. "Before the training, we never had such detailed conversations about security," Laura said. "After the training the conversations started happening. We now have teams regularly talking together about important security issues during development iterations".
The Training has helped her address the two challenges and Laura describes a positive experience of working with Security Compass. "The training was good, quizzes were good, everything was good," said Laura. "Thank you for playing your part in helping us with this."