Traditional education that prepares development teams for new technologies, development languages, and infrastructures does not typically arm them with the defensive skills needed to harden their software applications against attack. While it would be ideal if those involved in specifying, developing, and testing applications arrived already prepared to meet your security mandates, it often falls upon employers to fill these knowledge gaps.
Every organization is unique and needs its own customized approach to ensure the effectiveness and success of its training program. This whitepaper presents practical best practices for taking a many-hats approach that includes psychology, creativity, engaging materials, formal structures for learners to navigate, and a solid rooting in how people learn and apply new skills in their jobs.
Specific topics include:
- The three pillars of secure software development: standards, education, assessment
- Context and principles for software security education
- Getting people’s attention
- Putting the pieces into place
- Sample role-based training program
- Strategies and checklist for rolling out training