U.S. Federal Government Agencies: SD Elements Embeds Cybersecurity Training Into DevSecOps

June 3, 2021 Jay Ryan

Cybersecurity training programs for developers help build a culture of security in your organization as well as raise awareness about secure coding best practices. However, due to tight delivery deadlines for mission success, security training programs are usually conducted annually by federal government agencies.

The lack of cybersecurity training among developers can lead to vulnerabilities in applications, which in turn extends the time taken to ensure compliance with regulations, such as the NIST 800-53 Standard Revision 5.

Moreover, traditional training methods aren’t as effective in long-term knowledge retention. That’s why we offer just-in-time training (JITT) to developers so that they can learn and retain security best practices while they code.

Just-in-time security training for developers

SD Elements, our flagship Balanced Development Automation platform, empowers you to go beyond “shift-left” testing by integrating security and compliance natively from the start through guidance and training materials at each step of the coding process. The intuitiveness of our platform ensures that developers have access to knowledge just when they need it.

For instance, suppose you’re required to comply with a NIST 800-53 control such as AC-6: Employ the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) that are necessary to accomplish assigned organizational tasks. In that case, you will receive training modules explaining the concept of least privilege in a language you can understand.

SD Elements will also return the following guidance to you so that you can complete the task at hand:

  • Restrict access to tables and schemas that are needed.
  • Restrict access to actions that are needed (such as select, update, and delete).
  • Remove access to stored procedures that the application does not need.
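The three guidance items above, applied to a database account, as an added example that is not taken from SD Elements or its training modules. It assumes PostgreSQL and uses hypothetical names throughout: an application role `app_orders`, a schema `sales`, tables `sales.orders` and `sales.order_items`, and a maintenance function `sales.archive_orders()`.

```sql
-- Added example; all object and role names are hypothetical.
-- Over-privileged starting point that the guidance replaces:
--   GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA sales TO app_orders;

BEGIN;

-- Start from zero so that every remaining privilege is an explicit decision.
-- PostgreSQL grants EXECUTE on new functions to PUBLIC by default, so PUBLIC
-- is revoked as well as the application role.
REVOKE ALL ON SCHEMA sales FROM PUBLIC, app_orders;
REVOKE ALL ON ALL TABLES IN SCHEMA sales FROM PUBLIC, app_orders;
REVOKE ALL ON ALL FUNCTIONS IN SCHEMA sales FROM PUBLIC, app_orders;

-- 1. Tables and schemas: the role can resolve names in one schema only,
--    and only the two tables it uses are granted below.
GRANT USAGE ON SCHEMA sales TO app_orders;

-- 2. Actions: grant the statements the application issues, nothing more.
--    No DELETE or TRUNCATE, and UPDATE only where rows are edited.
GRANT SELECT, INSERT ON sales.orders TO app_orders;
GRANT SELECT, INSERT, UPDATE ON sales.order_items TO app_orders;

-- 3. Stored procedures: the application never calls archive_orders(),
--    so no EXECUTE is granted after the revoke above.

COMMIT;

-- Check the result: list what the role can still do on tables.
SELECT table_name, privilege_type
FROM information_schema.table_privileges
WHERE grantee = 'app_orders' AND table_schema = 'sales'
ORDER BY table_name, privilege_type;

-- Should return false once the function privilege is removed.
SELECT has_function_privilege('app_orders', 'sales.archive_orders()', 'EXECUTE');
```

Functions created later receive the default PUBLIC EXECUTE grant again, so the final two queries are worth rerunning after each schema migration.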

Along with learning while coding, you can build or modify software quickly through easy-to-understand guidance and ensure compliance with regulations. A lot of coding is also done by searching code samples on the web. Unfortunately, these code samples often do not follow secure coding practices. Our JITT modules also provide secure code samples that you can use to build secure applications.

Did you know that every federal project in SD Elements includes access to our just-in-time training (JITT) modules?  

Our JITT modules assist with completing your security tasks, without having to revisit lengthy training modules or conduct web research for non-certified security best practices.

The SD Elements library of JITT modules breaks concepts down into bite-sized intuitive exercises, focused on accomplishing specific tasks directly aligned to your compliance requirements. This ensures knowledge is transferred easily and effectively for rapid task completion.

Bridge security training gaps with SD Elements

Training is often an annual requirement for most federal agencies, leaving long periods of time between updates. This often leads to out-of-date training materials which aren’t in alignment with continually evolving compliance standards. 

To keep your knowledge up-to-date, our content team regularly updates and adds new JITT modules that align with evolving standards. This not only keeps you updated about new compliance requirements but also saves time in understanding these changes.

As you develop your organizational training plan, JITT modules can serve to fill a significant gap for both developers and assessors.

JITT modules cover both the theory and the application of the training, enabling developers and assessors to gain the knowledge necessary to understand the why and how of implementing a compliance requirement.

How to use JITT with SD Elements

The JITT modules are available to all of our clients in the U.S. federal government space as part of the SD Elements product offering. These modules provide the conceptual foundation needed for completing compliance tasks during coding. In addition, the training materials describe the security weaknesses and their potential solutions.

For instance, at this point, we are working to add 118 new training modules to our JITT library, and these are all mapped to compliance tasks for developers.

Being able to break down compliance into task-based guidance is at the heart of what SD Elements does. Acknowledging the cybersecurity skills gap in the U.S. market and enabling developers to learn security concepts while coding allows you to achieve compliance faster.

If you want to learn how we help federal agencies to achieve Authority to Operate (ATO) faster, please watch this short, 2-minute video.

About the Author

Jay Ryan

Jay is an avid technologist with nearly 20 years of experience leading operations in support of the federal and commercial security community. He has supported security programs for Fortune 500 companies, as well as various commands within the Department of Defense (DoD), and agencies of the U.S. Intelligence Community. In his role with Security Compass as the U.S. Federal Program Manager, he leads the cross-functional federal team for delivering on the growing adoption of SD Elements within the federal government customer base.
