Our client’s Organizational Change Management Training lead claims that their organization is “very much concerned about members and the security of data.” In fact, they claim: “We’ve always been at the forefront of maintaining security.”
Challenge: Improving security awareness in an ever-changing threat landscape
Being a financial services organization, our client must comply with federal requirements, as well as keep up with the ever-changing world of security and threats. “Remediating vulnerabilities is part of running the business…. Even if you build and implement [software] as securely as possible, it [may become] vulnerable [again] because there are new threats every day,” our client claims.
As part of a larger effort to update each phase of its software development lifecycle with security-specific tasks and standards, our client sought to educate its web developers on secure coding best practices. “The training has a high impact on the success of this project. If developers don’t know how to create secure applications, the other stuff doesn’t matter,” they said. “It’s critical that our web developers acquire the knowledge and continue to learn. The threat landscape is constantly changing, and knowledge becomes stale very quickly, so continuous education is very important.”
Solution: In addition to secure coding classes for its web developers, our client sought to increase the general level of security awareness amongst its IT staff. To that end, our client was tasked with finding a security training company that offered computer-based training (CBT) for both developers and a wider IT audience.
While they were researching training providers, someone on the security team suggested that they consider Security Compass. They came across the company’s free OWASP Top 10 training, which is available on its website, and were immediately impressed.
“The fact that it was free made it easy. I didn’t have to go through a bunch of steps and wait forever to get an evaluation copy. That formed my first impression of Security Compass: They’re easy to work with,” our client said.
Security Compass made the Training Lead’s short list, along with two other training companies she and her team considered. The team’s evaluation criteria consisted of 13 line items that included ease of use, tests associated with the training, and the level of technical detail. “We got to kick the tires and we got to know Security Compass with minimal effort. When we finished the evaluation process, they came out ahead on all of our criteria,” she said.
Benefits: Increased security awareness with minimal effort
Their first impression – that Security Compass was easy to work with – was reaffirmed during the sales process and after, which was important given the size of the project. Despite working in different time zones, they said they not only received a response but also received action on a query within a day, and sometimes even within the hour. “That’s priceless to me. I don’t have to keep chasing people down,” she said.
The training itself has surpassed their expectations. “After just three months of training, we’ve already established about a 10 percent knowledge lift from our baseline. And based on what we’ve seen for other events, attendance has exceeded our expectations,” she said.
“My experience with working with Security Compass has been phenomenal,” she said. “I’ve worked with vendors before, and I’ve never encountered such responsiveness and accommodation. They go out of their way, and it’s just been a delight to work with them.”