Thrivent Financial’s members trust the Fortune 500 financial services organization to help them achieve financial security. Operating under the values of faith, family, stewardship and service, the faith-based, not-for-profit membership organization takes this job seriously. Key to maintaining its members’ trust is by taking stringent data security measures to keep their personal information safe.
“The organization is very much concerned about our members and the security of data. We’ve always been in the forefront of maintaining security,” said Mariantonella Warfield, Thrivent Financial’s Organizational Change Management Training Lead*.
Challenge: Improving security awareness in an ever-changing threat landscape
Being a financial services organization, Thrivent must comply with federal requirements, as well as keep up with the ever-changing world of security and threats. “Remediating vulnerabilities is part of running the business. No sooner do you publish something, even if you build and implement it as securely as possible, it is vulnerable because there are new threats everyday,” said Warfield.
As part of a larger effort to update each phase of its software development lifecycle with security-specific tasks and standards, Thrivent Financial sought to educate its web developers on secure coding best practices. “The training has a high impact on the success of this project. If developers don’t know how to create secure applications, the other stuff doesn’t matter,” said Warfield. “It’s critical that our web developers acquire the knowledge and continue to learn. The threat landscape is constantly changing and knowledge becomes stale very quickly, so continuous education is very important.”
Solution: Training made easy by Security Compass
In additional to secure coding classes for its web developers, Thrivent sought to increase the general level of security awareness amongst its IT staff. To that end, Warfield was tasked with finding a security training company that offered computer-based training (CBT) for both developers and a wider IT audience.
* Opinions are Warfield’s own and do not reflect those of her employer.
While Warfield was researching training providers someone on the security team suggested that she consider Security Compass. She came across the company’s free OWASP Top 10 training that is available on their website and was immediately impressed.
“The fact that it was free made it easy. I didn’t have to go through a bunch of steps and wait forever to get an evaluation copy. That formed my first impression of Security Compass: They’re easy to work with,” said Warfield.
Security Compass made Warfield’s short list, along with two other training companies she and her team considered. The team’s evaluation criteria consisted of 13 line items that included ease of use, tests associated with the training and the level of technical detail. “We got to kick the tires and get to know Security Compass with minimal effort. When we finished the evaluation process, they came out ahead on all of our criteria,” said Warfield
Benefits: Increased security awareness with minimal effort
Warfield’s first impression – that Security Compass was easy to work with – was reaffirmed during the sales process and after, which was important given the size of the project. Despite working in different time zones, Warfield said she’d get not just a response but action on a query within a day, and sometimes even within the hour. “That’s priceless to me. I don’t have to keep chasing people down,” she said.
The training itself has surpassed Warfield’s expectations. “After just three months of training we’ve already established about a 10 percent knowledge lift from our baseline. And based on what we’ve seen for other events, attendance has exceeded our expectations,” she said.
Warfield is now working with Security Compass on adding an evaluation element at the end of the CBTs so that staff can provide feedback on the training. Embedding the evaluation within the training itself will take the workload off of Warfield, and for that she’s grateful.
“My experience with working with Security Compass has been phenomenal,” said Warfield. “I’ve worked with vendors before, and I’ve never encountered such responsiveness and accommodation. They go out of their way, and it’s just been a delight to work with them.”