Purpose-built roles and compliance-based paths help enterprises build more secure software and reduce risk.
Security Journey, a leading secure coding training provider, launched Recommended Learning Paths, a new collection of specially chosen lessons designed for individual roles within development and broader software development life cycle (SDLC) teams to improve software security knowledge and achieve compliance requirements.
Application security has become non-negotiable: 2022 saw the highest number of new CVEs, and 2023 looks set to continue the trend. Today’s development teams are, therefore, under increasing pressure to balance time-to-market pressures with the need to produce more secure code. Mounting regulatory pressures from the new US National Cybersecurity Strategy adds to these demands by mandating application developers prioritize security throughout the software development lifecycle.
Faced with this evolving landscape, it can be challenging for training program administrators to determine the best approach for their organization, especially when regulations like PCI DSS demand secure code training for developers that is role-specific. This is where Recommended Learning Paths come in. They offer group lessons that application security experts have carefully curated to improve knowledge, optimize training time, help meet compliance regulations, and respond to post-breach audit recommendations.
Security Journey CEO Joe Ferrara comments regarding the new learning paths, saying, “The overwhelming customer response to these new training paths is a testament to strong market demand. Every organization wants to ensure it effectively trains each role in the development team with the application security concepts that matter most to them—whether to improve security knowledge or meet compliance requirements proactively. Until now, nothing on the market delivered role- or compliance-based training like this. It will ultimately help organizations to produce more secure code, which saves money, builds trust, and drives innovation.”
With Recommended Learning Paths, organizations can:
- Take the guesswork out of choosing lessons to meet unique organizational needs
- Proactively improve development team knowledge
- Easily achieve regulatory compliance
- Respond to post-breach audit recommendations
- Ensure all development roles get targeted lessons to build skills without wasting valuable time
Today, the Learning Paths come in two varieties: Role-Based and Compliance-Based.
Role-Based Learning Paths have been selected for each key role in developing software. Each path has three levels of learning that build progressively: Foundational, Intermediate, and Advanced. Each level within a learning path contains 24 or fewer lessons, with learners rewarded with a certificate at the end of each level.
Role-based learning paths ensure the right training is delivered to the right people at the right time and ensure knowledge and skills are built continuously in stages rather than as a one-off exercise and are available for the following roles:
- Business Learner (Product Management, Project Management, UX)
- Web Developer, Front-End
- Web Developer, Back-End
- Native Developer
- Mobile Developer (iOS)
- Mobile Developer (Android)
- Data Scientist
- QA Tester
- DevSecOps
- Cloud Engineer
Compliance-Based Learning Paths are lessons designed to help learners achieve their compliance goals and go beyond to build advanced AppSec knowledge and skills. Each path contains 24 lessons and is designed to minimize training time. There is only one level in compliance-based paths, after which the learner receives a certificate. Reports can be easily generated to understand and verify completion.
Compliance-based learning paths include:
- OWASP Top 10
- PCI DSS
- White House Executive Order
This new product release also includes a content refresh of 55 video-based lessons, keeping with the company’s commitment to give learners the latest security guidance.
