As application security risks grow and change, so do the software development practices required to eliminate these risks. This makes it hard for developers to stay up to date on the most important and current secure coding standards. That’s bad enough, but multiply the problem by an entire development team at a company where application security is essential, and you have a large-scale management problem that requires an organization-wide solution.
This is the situation that SHAZAM was in when they adopted Security Compass’s eLearning Secure Software Practitioner (SSP) suites.
SHAZAM is a financial services and payment processing company that works with community financial institutions, so security is essential to its operations. In addition to implementing secure development processes, SHAZAM felt it was essential to educate their developers and keep them up to date on the latest and most important security standards, knowledge, and skills.
The financial technology industry is one where technology, standards, and vulnerabilities change constantly, and SHAZAM knew they had to grow their security skills and knowledge just as rapidly.
“We wanted to explore a new avenue for delivering training; maybe there is a better way to get deeper knowledge. We have a lot of respect for Security Compass and have used SD Elements for the last eight years,” noted Jeremiah Bristow, Senior VP of Enterprise Risk and Security. “We knew that partnership was strong and that SSP could provide a new avenue for our teams to develop, gain knowledge, and explore new skills.”
SHAZAM implemented Security Compass’s deep, insightful, and continuously current SSP eLearning suites. SSP Suites are a series of OnDemand learning courses that teach foundational elements of software security and language-specific secure coding. Each suite of courses is tailored to specific roles, breaking down the learning so users efficiently learn about the secure development practices that are relevant to them. Following the courses, users can validate their skills by passing an (ISC)² certificate exam — a recognized standard in information security.
Security Compass offers SSP Suites for a variety of developer types, like those working in Java, mobile, PHP, .NET, and more. In each case, a developer is given a set of courses that cover both general security standards and practices (like OWASP Top 10) and ones that are specific to their role. The end result for companies like SHAZAM is development teams that understand the essentials of application security and can implement them easily in their everyday work.
SHAZAM found that the integration of the eLearning platform into their everyday operations was both easy and effective. “It was beneficial to have folks go through the training to improve their knowledge,” Jeremiah said, further explaining that developers found the learning challenging but not overwhelming. “They were comfortable with the knowledge they gained and the experience.” Mike Olson, Applications Development Manager with SHAZAM, added, “It fit right in with people on my team. Some of the learning was a refresher, and it was more of an overall learning experience for folks who have not worked on front end applications or do not have a lot of experience with web programming.”