SC on CNN Money
Security Compass’s Subu was on CNN Money last week talking about hackers and the banking sector. Here’s the link to the article and the video after the jump. Link: http://hub.am/17uGHEb
We all think of deploying amazing Security CBT to our teams, envisioning them taking it, loving it, and the company becoming more secure for it. Yet in practice, there are a couple of steps that are essential to ensure success, whether your training is for SDLC, general awareness or PCI compliance. One overlooked criterion is when…
Note: At the end of this series, I’ll provide a free tool that you can use to make your own evaluations easier, so keep an eye out for it! With the variety of Computer Based Security Training (CBTs) out there, it can be tough to make a decision around what to consider when choosing the…
Last month, a story ran on Dark Reading around why security awareness is useless. I cringe reading such stories because I believe that one fundamental problem of security people is our inability to make security relevant to everyday folks. I want to hammer at one of the key problems with security awareness training, which…
We’ve had Java and .NET secure coding CBTs for a number of years now. If I remember correctly we were one of the first to have Application Security CBTs bundled with hands-on lab exercises (TrueLabs), which was amazing. This year, I’m excited to say that we’ve brought our Tailored learning format into our .NET secure…
As the need to develop for multiple mobile platforms increases, so does the need to outsource mobile development. There are software security concerns from mobile hacking that you should be aware of as you build your list of security requirements for your app. For some of you, security may not be the top concern but…
Late last year, I was in on a meeting where our Training team was gathering requirements for a Custom CBT to be built for a huge, recognizable client. This client had offices worldwide and our course would be viewed by many teams, so it was imperative that we got the details right. After a productive meeting…
I’ve performed a number of Payment Card Industry (PCI) assessments and know that some of the PCI Data Security Standard (DSS) audit requirements can be unclear. I’ll help by breaking down the requirements important to training your staff to meet your PCI Compliance goals. Keep in mind that a checklist approach to training won’t solve…
Whether you’re looking to train staff on OWASP training and/or Security Awareness training, at some point you will need to decide what kind of computer based training product to purchase. In developing vendor criteria, it may seem like it makes sense to purchase training with a LOT of content, but let me tell you…
It is easy to be skeptical about PCI Compliance and the requirement to deploy Training to satisfy a checklist item. This idea that a checklist approach cannot help with security is not new. But I’d like to propose the idea that if we have an opportunity to educate teams about Security through an audit approach,…