As application security threats against SaaS applications, APIs, and microservices increase, so too does an organization’s reliance on its key builders—lead developers, scrum masters, DevOps teams—to be knowledgeable and security minded, equipped with the knowledge to integrate security into its development process. Security Compass helps organizations build a security culture by offering a multi-staged, comprehensive training program for today’s short-on-time developers to teach them the most important and current application security practices.
Security Compass’s Software Security Champions blended learning methodology combines the best aspects of classroom training, self-paced eLearning, and an (ISC)² accreditation program to support long-term learning and retention of security best practices.
What is a Software Security Champion?
Security Champions are leaders within their teams who take on the challenge of learning about security best practices and passing on their knowledge to their colleagues at a grassroots level. A Security Champion has an important role on a development team, as they:
The Software Security Champions program utilizes a blended learning model that includes instructor-led OWASP Top 10 training, hands-on labs, expert mentorship, speaker events, and eLearning on specialized Software Security Practitioner (SSP) Suites.
The Software Security Champions program kicks off with a one- or two-day classroom training session led by industry experts, covering both conceptual knowledge in a code-agnostic manner and technical hands-on labs.
OWASP Top 10 Course
Instructor-led sessions begin with classroom training on important concepts relating to the OWASP Top 10 vulnerabilities. This includes technical issues that lead to these vulnerabilities along with a discussion about the impact these vulnerabilities have on applications. The objective is to show how hackers truly exploit these vulnerabilities, and best practices to defend against them.
Hands-On Labs
The Software Security Champions program kicks off with a one- or two-day classroom training session led by industry experts, covering both conceptual knowledge in a code-agnostic manner and technical hands-on labs.
Expert Mentorship
The classroom environment offers teams the additional benefit of direct interaction with industry experts. Participants will engage in classroom discussion with seasoned instructors, work through lab exercises under the mentorship of experts, and have an environment to mingle, meet, and embrace IT Security concepts as a team.
Speaker Events
Security Compass will organize a series of speaker events to engage teams and raise the profile of security in an organization. Using our relationships with industry experts, we will bring in speaker sessions, presentations, and lunch and learns, with interactive question and answer periods. Combined with classroom training, these sessions can help students understand how to apply their knowledge to specific real-world scenarios while taking in war stories from seasoned professionals.
After learning about and practicing hands-on techniques to defend against the OWASP Top 10, team members can reinforce and specialize their knowledge with one year of access to Security Compass’s SSP eLearning Suites. Each suite offers a role-based learning path that gives a deeper dive into code-specific best practices.
SSP Suites are offered exclusively by Security Compass and can be used toward (ISC)² accreditation. Gartner recently named Security Compass a “Vendor of Note” in their Magic Quadrant for Security Awareness Computer Based Training.
Name Your Champions
In addition to holding training and events for the whole team, we can work with teams to nominate official “Security Champions” who will receive additional training to position them as internal security ambassadors after our work is finished. This helps teams maintain their learning in the longer term, delegating responsibilities to one or a handful of team members who can become your company’s application security experts and push security best practices across your organization.
Customize your Software Security Champions Program
Software Security Champions offers a host of customization options to meet each company’s specific needs. Security Compass can bring specific topics, announcements, security links, standards policies, etc., into course content to link up the classroom session to a company’s overall champions program. Depending on the customization required, Security Compass can discuss each company’s needs and how we might accommodate them. Some examples include:
Software Security Champions is a personalized program, and we’re happy to work with organizations to help them achieve their application security goals.
Metrics: Ensure the Success of your Organization’s Software Security Champions Program
Alongside the Software Security Champions program, Security Compass will help establish metrics to assess team members’ knowledge lift and identify areas for further improvement. We do this using pre- and post-assessments combined with course examinations. In addition to providing a clear record of a team’s progress, this also provides a measurable understanding of ROI for the program as a whole. Across different sessions, Security Compass can help provide measured results to show management the results of the overall program.
Security Compass’s instructors and advisors are experts in application security. We promise to be your trusted advisor and to help your team champion security to defend your organization’s most critical assets. We are comfortable going beyond conventional thinking to address your unique security needs.
The Software Security Champions program is an innovative, engaging, and effective way to bring development teams up to the highest industry standards in application security.