In today’s day and age it’s easy to agree that businesses need to do more to protect themselves from cyber attacks. New reports of massive, damaging hacks are a daily occurrence. Business owners and technologists are wondering if it will ever stop. Could it be we have overlooked the most fundamental step in defending critical digital assets? Read on to find out how application security training through e-learning is an absolute requirement for all Web Developers, IT Managers and Technologists.

Easy to use, Easy to hack?
Every day, technology becomes more and more accessible for us all. We all know that even young children can intuitively figure out how to use a modern app or website. But behind all of these user-friendly systems are technology layers of staggering complexity.

For example, a typical website lives in an ecosystem consisting of an operating system, a web server, an application server, database servers, runtime environments, multiple web frameworks, 3rd party services, open-source libraries and of course custom-written code.

Professional developers then balance frequently changing business requirements and weave the appropriate technologies together. Generally, development teams focus on getting a core set of business requirements satisfied, and then gradually add additional functionality over time.

In terms of functionality, this system has worked very well and web applications provide a breathtaking array of world-changing services and experiences. However, the relentless onslaught of successful cyber attacks is clear evidence that security is a major problem, which has put all of our most sensitive information at risk.

Training Developers – Often Overlooked
Businesses spend an enormous amount of time and effort to locate talented individuals and teams around the globe. Interviews are focused on past experience and the ability to build functional and fast websites. However, security is often underrepresented or completely omitted from most interview questions. Companies also frequently forget that ongoing application security training is a must for development teams.

Developers need ongoing guidance and information on how to code securely in the face of evolving threats and ever-changing technologies. Managers need training so they can ask the right questions, judge the appropriate level of security for each project, and ensure security is included along with other business requirements.

Maximize Effectiveness
Providing training is one thing, but maximizing effectiveness is a separate challenge. Security issues are often confusing by their very nature. Organizations must ensure the training is clear, illustrative, memorable and current. Developers should be able to remember the lessons, visualize the problems and most importantly, clearly understand how to fix vulnerabilities.

To this end, KMI Learning and Infrared Security have teamed up to develop and distribute the highest quality application security training for developers and managers. This training is already used by Fortune 500 companies around the globe, and stands in distinction for clarity and usability.

Each lesson is professionally animated to make the lessons as memorable as possible. Role-specific and technology-specific lessons provide meaningful training for management and technical staff. The content is curated to ensure your team has immediate access to the most relevant and updated information. An outstanding example of this is our frequently updated OWASP Top 10 training for developers and managers. All of our e-learning content is hosted on the web so developers can start training at any time with nothing to install or maintain.

Take Action
Our mission is to make the world’s most effective and accessible application security training materials. Application security training is a primary and key activity that all organizations must perform, which in turn enables other security activities throughout your organization’s system development lifecycle. We encourage all organizations to take action now regarding this fundamental and essential layer of defense.


Custom Security Awareness Content

Your company has just endured yet another security breach. One of your employees left an open iPad on a table with friends at Starbucks. One of the friends jokingly sent an email to the employee’s entire department. The contents of that email were, shall we say, colorful.

The thing is you had conducted security awareness training for all employees. How could this employee have made such a silly mistake? Well, first of all the employee might make better choices in friends. But beyond that, why didn’t the training change the behavior? Why wasn’t this employee aware of potential security hazards?

Obviously, successful security awareness combines effective implementation of the technologies available to prevent compromises with appropriate human behaviors. While it may be tricky to keep pace with changing technology, it may be even trickier to impact the behaviors that can lead to security issues. Training is definitely a huge piece of this puzzle.

While there are many options available for generic off-the-shelf security awareness eLearning, these courses may not really address the specific security challenges of your organization. At one Financial Services organization, security of systems, processes, and information was critical to the corporation’s success and growth. And security of clients’ information was a cornerstone of their corporate values. Because of the Company’s business, their security concerns were very specific. The Company faced a challenge: how to formalize these security awareness protocols so that they were easily accessible, consistent, adaptable and applicable across the global population. And, perhaps most importantly, how to ensure that sharing this information would truly improve behaviors.

Creating an online training program that demonstrated the tools, behaviors, policies and procedures around security requirements provided an exciting, engaging and memorable vehicle for educating the corporate population, scalable and accessible across business units, departments and global offices. KMI Learning developed a series of rich eLearning modules, following a narrative scenario style that provided the underlying security foundation in a compelling way and that is accessible on demand to every employee worldwide. Not only that, but the courses revolved around a set of characters that were relatable and were in situations that were unique to the Company. Employees saw themselves in these situations. They saw how the policies could and should be applied to their daily work life. They were able to practice decision-making and applying security awareness strategies within the modules with no ramifications for the Company. While these interactions were fun, they were also memorable, easily brought to mind when similar situations arose in real life.

As a result of this Security Awareness program, the Company has experienced a significant, quantifiable, positive change in employee behavior related to security. There has been a significant decrease in security breaches and improvement in routine security measures. And employees are vested in the series; they anticipate the updates and look forward to seeing what new situations the characters find themselves in.

No longer would an employee leave an iPad unattended without thinking twice!