Posted by : Sivapriya Wednesday, December 2, 2015

Discover 10 compelling reasons why your next developer security training course should be computer-based, and not classroom-based.

1) Fit Training Around Developer Commitments
Application developers work to incredibly tight deadlines, and it's never feasible to dedicate entire days of work to classroom-based security training. When training is forced upon developers, it can seriously impact project work, creating a conflict of interest for the attending developers.
Thankfully, computer-based security training is designed to accommodate developer workloads. It can be engaged with in short, manageable snippets, and fitted around existing commitments - allowing developers to improve their security knowledge without impacting their day-to-day responsibilities. 


2) Improve Developer Engagement
As well as fitting in around existing responsibilities, computer-based training can be used to improve how developers engage with their training, using real code examples and practical hands-on training.

3) Reduce Training Costs
Classroom-based training can be expensive. In addition to the costs of hiring a venue, organising transport and finding a speaker, there's the opportunity cost associated with pulling your developers away from several days of billable work. With a more flexible structure, computer-based training can be rolled out in a much more cost-effective way - allowing training to happen without decimating your development capabilities.

4) Measure Attendance and Analyse Efficiency
Computer-based training offers visibility into crucial performance metrics, from attendance rates through to course completion. It's also easy to gauge the efficacy of each training program, as small end-of-module tests can be used to test a developer's security knowledge and identify areas that need supplementary training.

5) Self-Paced Learning is More Effective
Traditional classroom-based training forces all participants to engage with the course at the same speed - irrespective of different learning styles or levels of existing knowledge.
Some developers will already be familiar with aspects of the course, and require less time to understand the teaching. For other developers, the course will cover entirely new material, and require additional time to become familiar with the concepts introduced. 
Computer-based training facilitates these different learning styles, allowing developers to progress at their own pace, and engage with material as little, or as often, as required.

6) Standardize Core Training
Computer-based training makes it easy to roll out essential training to both in-house and remote staff, and easily monitor their attendance and completion rates. As well as improving organisation-wide security awareness, this can be extremely helpful for monitoring essential compliance training (like PCI compliance).

7) Customize Role-Specific Training
Computer-based training is extremely modular in nature, making it possible to pick and choose only the most relevant training modules. Instead of forcing developers to engage with irrelevant material (like C++ security for a Java developer), or topics they're already familiar with, you can build a customized syllabus to suit the role-specific requirements of each participant.

8) Supplement with Additional Resources
With unparalleled visibility into course completion and pass rates, it becomes easy to identify areas that need supplementary training. Thanks to the flexible nature of computer-based training, it's a simple process to schedule additional training around existing commitments - whether it's a short Q&A with a security expert, or setting up an organisation-specific developer knowledge base.

9) Improve Knowledge Retention
For developer security training to be effective, completed courses and passed exams need to translate into a real-world reduction in vulnerabilities.
The insights learned in a single classroom-based session can be hard to remember and act upon. Thankfully, the flexible, ongoing nature of computer-based training will help developers practice and apply the principles of their training in the real world, consulting supplementary resources (like a training knowledge base) whenever they need to revisit their training.

10) Future-Proof Your Training
The best practices of application security change faster than most classroom-based courses can update their syllabus, and very quickly, important elements of the course's content can become outdated and irrelevant. 
Thankfully, computer-based developer security training can be updated much more readily. Outdated modules can be updated remotely, and revisions can be pushed out on a regular basis - allowing developers to learn how to combat the newest threats and vulnerabilities as soon as they appear.

- Copyright © REDBACK COUNCIL - RISC -- Powered by Redback - Designed by Redback Council -