Security training has been a focus at Jemurai for all of our 10 years in action. It is central to our mission, which is enabling organizations to meet security more squarely on their terms. (See our Origin Story) We want you to know what you need to know and to be able to handle as much as you can yourself!!!
Historically, most training we do is highly technical, targeting developers. It could be around the OWASP Top 10 or security in AWS. A common offering is a monthly injection of relevant security training covering a recent issue like dependency confusion or the Log4J issue that happened at the end of 2021. We typically deliver via Zoom (these days) but we love doing live training and answering hard tech questions on the fly.
In building securityprogram.io we realized there were broader organizational needs around training. In addition to deep technical training, organizations need training for everyone. They need to demonstrate that they have provided the training and that people have taken it. They may need more detailed training for particular people around privacy or a particular standard.
So we built out a training library as a cornerstone of our securityprogram.io offering. Some features of our training:
- General Security Awareness Training (We use animal analogies and pictures)
- Includes training around how to run a program
- Tracking participation in the Trainings
- No per user costs - we want to make training easily accessible to anyone
- Providing easy reporting around training coverage for compliance
Our training does not include:
- Automated phishing testing.
The Training Categories
In SPIO, we have training in the following areas:
- General Security Awareness
- Incident Handling
- Developer Training (OWASP Top 10)
- Extended Developer Training (Cloud, OPA, etc.)
- Policy Training
- Standards and Regulations
- Meta Training around how to effectively use SPIO
When you click on a training, you get a video viewer like the one below which allows us to track the progress through the training and collect the data needed to demonstrate that training has been sufficiently distributed.
We tried to make the training as short and pragmatic as possible. We tried to have personality and make it as fun as possible. Of course, it is security training so some people will enjoy it more than others. But the takeaway is that you can easily meet your goals and provide very good training content to your team with securityprogram.io.