Security Awareness Training
Overview & Key Differentiators
As an innovative, authentic leader in the field of information security, and being an integrated security partner, VerSprite doesn’t apply a one-size fit all solution for our clients. We develop content and training based upon the culture, time, and availability of the employees receiving the training. The way we execute Security Awareness training is via a tailored approach. From gamified versions, to modular classroom styles, to topical and relevant LMS content, to Capture the Flag (CTF) exercises that demonstrate security testing patterns – we can build a training regimen that is not only tailored for you but that is integrated within various workflows for different groups. Our end goal is to demonstrate and measure how an informed workforce, knowledgeable about today’s cyber related attacks and threat motives, can operationalize security versus treating it as something that only one group should have responsibility for. Let us know how we can tailor some of the below mentioned for your specific needs.
Corporate Security Awareness Training
Over the years, many organizations have invested in computer-based training (CBT), Learning Management Systems (LMS), or even trainer-led, classroom-style, security seminars. Most of these solutions are generic, high-level and not effective in truly relating back to an employee’s day-to-day work efforts for their role. Most importantly, VerSprite has seen a lack of integration between content and what the organizational goals are for their employees from a governance viewpoint. Corporate security awareness training frequently puts the responsibility on the trainee to understand the relationship between security principles to job function to corporate policy.
VerSprite has long seen this to be a problem and provides a solution via our integrated approach. In doing so, we incorporate security governance into security training so that trainees can understand the purpose behind corporate policies, become introduced to real-world examples, and comprehend the benefits of adhering to policies/standards. VerSprite has the proven experience and leadership to help you integrate training with security governance so that more of what your security program is investing in is integrated. In this spirit, learn how a tailored corporate security awareness program by VerSprite can integrate multiple data sources that substantiates learning use cases.
Modular Security Awareness Training
Modular security awareness training is something that VerSprite originally brought to the security industry close to a decade ago. After seeing uniform group training for a diverse group of company officials across IT, development, compliance, operational, sales, and executives, VerSprite began offering modular training options that were tailored by role or function. Some simple examples are below:
- HR employees need to understand how to better enforce corporate security policies across their organization, without infringing on goals for organizational behavior and workplace culture. They also need to be able to communicate how HR incidents and changes in corporate unity can lead to tell-tale signs for insider threats.
- Sales and Marketing teams need to understand that they are commonly targeted by social engineering artists to gain domain credentials. Teaching these groups common ploys that present seemingly believable business cases is an important safeguard.
- Developers/Engineers are building new and exciting products for the company. Considering fundamentals around infrastructure, network, application, and system security can go a long way, particularly if your dev teams and engineers are working with unique frameworks and languages.
Inquire today on how VerSprite can make a modular and custom training program with the right cadence and duration.
Secure Development Training
Knowing how to write secure code hinges on several factors; from understanding security classes within a development framework to understanding and defending against technical exploit patterns. VerSprite provides a myriad of secure development techniques to help developers improve the security posture of their software. Our formats range from security training exercises via hands-on labs and hackathons to language-specific training courses that each developer can take on their own time.
When coupled with VerSprite’s AppSec services, we can track improvements in systemic flaws and insecure development practices that were being repeated on a suite of tested applications. This approach helps to ensure that a return on investment for secure development training manifests in the developed software.
As an added option VerSprite can integrate secure development mini-courses into on-demand training sessions that your developers can leverage while confronting real security issues within their current Sprints. Point-in-time security learning models may be too slow for many product development groups, so we have successfully integrated a security learning practice that fosters more integrated and relevant security learning to take place. Inquire with us today on how you can integrate security within your application development efforts.
Security Testing Training
As an added option VerSprite can integrate its security testing into your development teams’ software development lifecycle process. Point-in-time security testing models may be too slow for many mobile product development groups, and as a result, we have successfully integrated a security testing practice that is highly integrated into our clients’ workflows. Inquire with us today on how you can integrate security within your mobile application products.
Elite Android Exploit Development Training
The "Android Exploit Development Training" from VerSprite is an advanced course aimed to expose students to various Android vulnerabilities and exploit insecure development techniques. Students will learn about and develop exploits for multiple vulnerability classes that impact Android. The training includes multiple labs that will provide hands-on experience with the following:
- Building and developing Arm64 ROP chains and shellcode
- Analyzing and writing chained exploits for logic and serialization vulnerabilities
- Attacking Android WebViews
- Kernel exploit development