Originally posted: https://www.hackedu.com/blog/top-4-ways-to-increase-completion-rates-for-secure-coding-training

It’s indisputable: Secure Coding Training is effective in reducing vulnerabilities in code. That’s why more and more companies are turning to this training to help speed up software deployment and prevent vulnerabilities. However, training can only be effective if the trainees actually take and complete it, and this is just as much the case for Secure Coding Training as for any other type. All the potential benefits of training are diminished if no one wants to complete it — or even start it, as is sometimes the case when accessing the training portal is a struggle.

Security…


Originally posted: https://www.hackedu.com/blog/applying-learning-science-principles-to-secure-code-training

Everyone knows the old adage: You can lead a horse to water but you can’t make it drink, and this is certainly applicable when it comes to self-directed learning through computer-based training programs. But if learning is the goal — and it is a critical one in the field of cybersecurity, where breaches cost enterprise companies an average of $3.92 million — you’ll probably want to do everything you can to increase the likelihood of that horse taking a swig.

That’s where Learning Science comes in. Did you know there’s a whole field of academic study dedicated…


Originally posted: https://www.hackedu.com/blog/how-offensive-training-improves-defensive-only-approaches-in-secure-coding-training

“I used to attack because it was the only thing I knew. Now I attack because I know it works best.”
- Garry Kasparov, chess legend

Chess is an oft-used analogy for cybersecurity because there are many similarities between the two. At their core, they are games of strategy which pit two adversaries against each other in a bid to outdo each other in a duel of intellects. The best chess players do not merely apply pre-meditated tactics to win. Rather, they inhabit their opponents’ minds, study their psyches, and view the world from their antagonists’ viewpoint…


By Rachel Virgil

Originally posted here: https://www.hackedu.com/blog/gender-diversity-considerations-in-training-avoiding-unintended-biases

When deciding which secure coding training program is right for you and your team, it’s important to choose a program that won’t unintentionally alienate certain groups. In 2021, it’s common knowledge that diversity improves performance and business outcomes, although the field of cybersecurity lags precariously behind other fields in terms of gender and ethnic diversity. …


Originally posted at https://www.hackedu.com/blog/how-to-shift-left-and-increase-long-term-efficiency

In software development, issues become more time-consuming and more expensive the longer it takes to find and fix them. Find defects too late in the development cycle, and you could risk a delayed launch. If vulnerabilities remain after the product has already gone to market, hackers may exploit them, which can lead to angry customers and stressed employees. The best way to avoid these issues is to make sure they never happen.

“Shift Left” may be a tech buzzword, but in practice, it can make your organization more efficient. In software development, it means considering application security…


How to Add Automated Operations into a Seamless Secure Coding Practices Workflow

Many software and app companies have looked to automated operations to create a more streamlined and efficient development process. Adding the right tools to CI/CD workflows can save developers time and alleviate some of the burden of manual work. In DevSecOps, these tools automatically search for vulnerabilities, raise a flag when they find them, and provide information about how to fix them.

It’s important to note that automation will never replace human employees or manual DevSecOps. Think of these tools as similar to your spelling or grammar checker…


Originally posted at https://www.hackedu.com/blog/3-steps-to-overcoming-the-shortage-in-security-talent

According to the 2019/2020 Official Annual Cybersecurity Jobs Report, an estimated 3.5 million cybersecurity jobs will go unfilled in 2021. While attracting candidates from such a limited talent pool may seem impossible, companies do have other options at their disposal. Here are three steps that companies can implement right away to overcome the talent shortage:

  1. Hire Creatively
  2. Create a Strong In-house Security Culture and Train Appropriately
  3. Appoint a Security Champion(s)

Hire Creatively

In a piece for VentureBeat, Gusto CISO Frederick “Flee” Lee suggests we aren’t facing a skill shortage problem, but a “culture problem that manifests…


Originally posted at https://www.hackedu.com/blog/how-to-teach-developers-to-think-like-hackers

Coaches of sports teams would relish the chance to know their opponents’ offensive playbook, so that they can prepare the right defensive schemes. Debate experts say you should understand your opponent’s position before you attempt to refute it. You should also consider the ways your opponent may attack your argument and how you’ll defend it. The same principles are true in software and app development. Developers are often encouraged to think like hackers to find and fix vulnerabilities before any real hackers have the chance to exploit them.

Security advisor Roger A. Grimes writes that “true…


We published our first “Vulnerabilities Benchmark Report” (download it here) last week, a synthesis of anonymous data from tens of thousands of students on our training platform, representing hundreds of companies across multiple industries. During the process of developing the report, we were stunned by some of our findings.

One example is the fact that injection vulnerabilities have been either #1 or #2 on the OWASP Top 10 for 14 years! When we dug into the reasons why the statistic has remained unchanged for as long as it has, it made a lot more sense. Injection vulnerabilities are the ones…

Jared Ablon

Co-founder and CEO of HackEDU. Previously a CISO. 15 years in cybersecurity.
