Our client focuses on accelerating financial asset recovery through industry-leading security and compliance practices, and award-winning technology to help their customers remedy their outstanding debt.
"We take our customer data security very seriously," says the Application Development Manager responsible for half of the development team.
Challenge: Security awareness while addressing key compliance drivers
The business requirement that our client needed to address was two-fold. The first was the need to raise Security Awareness for developers, and the second was addressing Payment Card Industry (PCI) Training requirements. "It is always good to ensure developers code in a secure manner but we also had this PCI need, so we were looking for a way to merge both," our client said.
Solution: Tailored training and transparency by Security Compass
Our client evaluated vendors for PCI Security Awareness Training, and Security Compass caught their attention after reviewing the free OWASP Top 10 online course. "The best thing about Security Compass was that I got to try the product even before any money was involved, whereas other vendors just tried to describe their courses." Our client appreciated that Security Compass had a path to expand and continue improving security as staff became more security aware, for instance, through the possibility of using our policy-to-procedure platform, SD Elements.
The flexibility of the tailored learning program offered by Security Compass impressed our client: "When we started, some staff would jump straight to the quiz but find that they might not know all the answers… Humbled, they would then go into the content to learn," they said.
Security Compass’s tailored learning allows students to test their knowledge right away, and they can jump into the content to learn more at any time. The courses are tailored to each individual’s learning needs, which is especially important for large training deployments.
Benefits: PCI Compliance while sparking great conversations
After all team members completed the Training, the team has managed to gain PCI compliance for their application. More importantly, the training has sparked development teams. "Before the training, we never had such detailed conversations about security," our client said. "After the training, the conversations started happening. We now have teams regularly talking about important security issues during development iterations".
The Training has helped our client address their two challenges, and they had a positive experience of working with Security Compass. "The training was good, quizzes were good, everything was good," said our client. "Thank you for playing your part in helping us with this."