by tptacek
3719 days ago
This sounds similar to Safelight (now, I guess, "Security Innovations"): https://www.securityinnovation.com/

They were quite successful with online security training, and companies will pay for it. So my questions, I guess, are:

* How do you stack up content-wise against something like Safelight?
* Who are you, and what's your pedigree? To a big extent, companies buying security CBT are buying a sort of stamp of approval for their process; how does your brand do that for them?
* Why do security firms want online training? That seems like a really tough vertical to sell this kind of training for (big security firms tend to sell training courses like these themselves, except on-site, at nosebleed prices).

https://www.youtube.com/watch?v=jkQgVO993W8
Our exercises are interactive, rather than passive, and focus on specific ways to fix code, rather than abstract concepts. Compare with what we have on SQL injection:
https://www.hacksplaining.com/exercises/sql-injection
We started with the question "what are the essential things we would want our development team to know?" and then figured out the most compelling way to teach about them.
- We are talking to a couple of firms that we could partner with to help establish credibility. It's a bit of a Catch-22 selling this kind of training material - people buy your product on the basis of who your existing customers are, to some extent. Finding an established player to work with would really give us a leg up.
- Most companies reluctantly pay for security training, precisely because so much of it is onsite and expensive. Making security training mandatory for developers is a good policy for a CTO of a large company (particularly if they have been hacked recently), but it's generally impractical to send everyone out for a 5-day course. We hope engaging, online material can fill that niche.