Our client has a formidable mission: to bring together human insight and new technology for the purpose of designing brilliant products and services for tomorrow. To do so, this global design and technology consultancy takes a user-centered approach to design and combines proven methods with the latest technological advancements. But it doesn’t end there. Security also plays a key role in ensuring that projects can endure the risks of the digital world. So, for our client’s Development Manager, security training is more than a compliance requirement.
Challenge: Flexible training that engages students
"We were looking for security training courses to satisfy the security training component for PCI DSS. However, we also wanted to ensure that our developers were learning and improving their web security awareness and OWASP concepts through the training, as opposed to only satisfying a checkbox," the Development Manager says.
Scheduling training courses, however, proved to be a challenge. "Since our team members are on different client projects with different milestone deadlines, a good date for one team would not work for another," he says. While it was important that security training didn’t interfere with revenue-generating project work, he recognized the value of security training and wanted assurance that employees were furthering their knowledge of security concepts.
Solution: Security Compass Course-Based Training (CBT) delivers quality on demand.
Having taken security-training courses through Security Compass while at his previous employer, the Development Manager knew that the secure software development training met his needs for flexible, quality training.
Benefits: Flexibility makes learning easy; metrics provide assurance.
"We selected the computer-based training courses available online and accessible at our own convenience," he says. "This criteria is very important to us, as it allows the team more flexibility to fit it in around their day-to-day work, as opposed to being forced to attend training at a certain time or on a certain date."
In addition to the flexibility of the CBTs, our client’s team benefited from Security Compass’ metrics program, which is designed to provide a quantitative measurement of how much a student learns from a course. Each learning objective is accompanied by a set of questions that serve to determine the student’s understanding of the topic. Students answer these questions in pre-assessment and post-assessment quizzes to provide a baseline from which knowledge and growth can be measured. This provides our client with the assurance that students will be able to apply the concepts to their work.
"The quizzes at the end of each lesson are important to solidify that the concepts are being learned, as opposed to the course material being skimmed over," he says.
Regulatory compliance requirements, like PCI DSS 6.5, which requires developers to be trained in secure coding techniques, are intended to be more than a checkbox item. They are meant to improve security for everyone involved. With security training courses from Security Compass, our client has the assurance that his investment is doing just that. "The metrics gave me a general gauge on where the team was in terms of their initial web security knowledge and how much they improved after the course," he says.