SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Security Journey unveils role-specific learning paths for software security
Thu, 12th Oct 2023

In a move set to redefine secure coding training, Security Journey, a prominent secure coding training provider, has introduced its innovative 'Recommended Learning Paths'. This new initiative provides specially curated lessons tailored for specific roles within the software development and broader software development life cycle (SDLC) teams. The primary objective? To enhance software security knowledge and ensure compliance requirements are met seamlessly.

The escalating importance of application security is evident. Last year, 2022, witnessed the largest number of new CVEs (Common Vulnerabilities and Exposures) ever recorded. Moreover, the current year's trajectory suggests that this alarming trend is only set to continue. Modern development teams are thus navigating the challenging waters of reconciling rapid market delivery with the paramount need for bolstered security measures in their code. This scenario is further complicated by the evolving regulatory framework. The recent US National Cybersecurity Strategy mandates application developers to embed security measures throughout the software's lifecycle.

Given these complexities, training program administrators often find themselves at crossroads, pondering the most efficient approach for their organisations. This is especially pertinent when regulations, like the PCI DSS, explicitly demand role-specific secure code training for developers. Enter Security Journey's 'Recommended Learning Paths'. They present clusters of lessons, diligently selected by application security mavens, destined to enhance knowledge, streamline training durations, fulfil compliance stipulations, and aptly address post-breach audit suggestions.

Security Journey's CEO, Joe Ferrara, articulated the company's vision, stating, “The overwhelming customer response to these new training paths is testament to strong market demand. Every organisation wants to ensure it is training each role in the development team effectively, with the application security concepts that matter most to them—whether to proactively improve security knowledge or meet compliance requirements. Until now, nothing on the market truly delivered role- or compliance-based training like this. It will ultimately help organisations to produce more secure code, which saves money, builds trust, and drives innovation.”

The newly unveiled 'Recommended Learning Paths' empower organisations to:

  • Eliminate the uncertainty in selecting lessons aligned with distinct organisational requisites.
  • Augment the knowledge of development teams proactively.
  • Achieve regulatory compliance without hassle.
  • Respond astutely to post-breach audit suggestions.
  • Provide every role in development with precise lessons, thus fortifying skills without unnecessary time expenditure.

Currently, the Learning Paths are bifurcated into 'Role-Based' and 'Compliance-Based'. The Role-Based paths are meticulously crafted for pivotal roles in software development, spanning three incremental levels of learning: Foundational, Intermediate, and Advanced. Each tier within a path encompasses 24 or fewer lessons, culminating in a certificate for the learner. These paths extend to roles such as Business Learner, Web Developer (both Front-End and Back-End), Mobile Developer (for both iOS and Android), and several others.

In contrast, the Compliance-Based Learning Paths consist of lessons assembled to assist learners in meeting their compliance objectives, and simultaneously enhancing their AppSec acumen. Each of these paths offers 24 lessons and culminates in a certificate upon completion.

Lastly, in line with its pledge to continually update its learners with current security advice, Security Journey has refreshed its content, introducing 55 video-based lessons.

This innovative approach by Security Journey promises a more tailored and effective learning experience for all roles within software development, ensuring that security remains at the forefront of innovation.