Project: Custom Secure Coding course
Business Driver & Learning Need: Due to ever increasing demands and security requirements, SkillBridge's client had a large scale initiative to train its entire engineering audience to more effectively design and write secure programs.
Solution: SkillBridge customized and implemented a customized Secure Coding course that was designed for various programming audiences, with the key focus being geared towards embedded programmers.
Given the large number of individuals to be trained, as well as the geographic distribution of a significant number of the population, SkillBridge implemented a blended learning solution. This included live instructor led delivery as well as a videotaped component of the live delivery that was provided to the geographically dispersed group. This distance learning method also included self paced lab work that matched the examples that the instructor covered during in class demonstrations. SkillBridge's solution significantly aided hundreds of this client's engineers.
Project: Security Awareness Program
Business Driver and Learning Need: With the increasing threats of cyber attacks in the financial service industry, the bank was seeking to raise the awareness of cyber security threats across the enterprise.
Solution: SkillBridge designed and implemented a Security Awareness program that was rolled out to the bank’s entire 60,000 person organization. This awareness course focuses on corporate policies around protecting private information and included social engineering topics such as phishing, hoax emails and other common malicious techniques. The course also included optional modules that were designed specifically for information system personnel.
Project: Avoiding the Top Programming Errors Computer Based Training (CBT) Business Driver and Learning Need: This large federal agency had deployed thousands of websites, and employed hundreds of web developers and programmers. These developments teams were located in numerous geographic locations. Given the agency’s high visibility, and nature of their work, they were a high risk target of cyber attacks from both domestic and international threats. Recognizing this threat, the agency needed to implement a training solution that would address their lack of competency in secure web development practices.
Solution: Due to the geographical distribution of the audience, SkillBridge, recognized that an online self-paced training solution would be the most effective solution. The content would need to address the issues identified in the SWE/SANS Top 25 and OWASP Top 10 lists. It would need to address how to identify them, how to avoid them and how to test for them. In order to reinforce the materials presented in the online program, the training would also need to contain examples of the errors and mitigations in addition to labs written for C/C++, Java, and C#.
SkillBridge successfully developed a customized web-based program (CBT). The entire program was SCORM compliant and was also Section 508 ADA compliant (accessible to hearing and visually impaired participants). The final seat time of the entire program was approximately 8 hours in length. It was successfully deployed on the agencies LMS.
Project: Comprehensive Security CBT solution
Business Driver and learning need: Amazon.com had a need for a comprehensive security computer based training (CBT) curriculum to address a number of learning needs throughout the enterprise. The programs needed to emphasize the importance of managing information security risk and highlighting the consequences of failing to do so. Further the program also needed to point out the activities involved with identifying and dealing with these risks. The intended audience for this course ranged from fulfillment employees, to business professionals, to technical personnel. Working with the client, SkillBridge implemented the following solution.
Solution: The centerpiece of the curriculum was a 30 minute core CBT which was required by all employees of the company. The course was designed to run on the client’s Learning Management System (LMS) and included an examination to assure participant completion and comprehension.
To address the learning needs unique to the IT and engineering personnel, this core program was augmented with additional content intended specifically for technical personnel. These included a course on Secure Coding Practices (5 modules comprising approximately 6 seat hours), and Secure Testing (9 modules comprising approximately 4.5 seat hours).
These programs were built to be fully SCORM compliant, and successfully tested and implemented on the client’s LMS.