Courses fit very easily into a long term security program. To help you get started with planning your program, we've listed a few tips to help you pair Courses and Assessments:
- If you're creating an overall security program, we recommend starting off by setting up assessments first. Consider target vulnerabilities and training level you would like your assessment to cover
- Once you’ve created an assessment, you can then base your course structure on the vulnerabilities it covers. Each vulnerability could then be set up as a separate module in your course, giving your developers enough time to learn and absorb all the important content for each vulnerability
- Consider setting a deadline for the assessment. This will help you manage your security program goals and progress by ensuring that assessments are completed by a certain time, allowing you to move onto other aspects of your program.
Note: We don't recommend setting a deadline for a course as it should be considered easily and readily accessible for use as free-training before assessments or other program checkpoints
- If you're not sure what difficulty level to choose for a course or assessment, or if you're not sure what your developers' security awareness skill level is, we recommend providing an equal mix of easy and medium-level challenges to help you gauge where everyone is at