#160 - Secure Developer Training Programs (with Scott Russo) Part 1 - podcast episode cover

#160 - Secure Developer Training Programs (with Scott Russo) Part 1

CISO Tradecraft®
Dec 18, 202342 minEp. 160
--:--
--:--
Listen in podcast apps:
Apple Podcasts
Spotify
Download
YouTube
Overcast
Pocket Casts
Episodes.fm
Download Metacast podcast app
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

In this episode of CISO Tradecraft, host G Mark Hardy invites Scott Russo, a cybersecurity and engineering expert for a deep dive into the creation and maintenance of secure developer training programs. Scott discusses the importance of hands-on engaging training and the intersection of cybersecurity with teaching and mentorship. Scott shares his experiences building a secure developer training program, emphasizing the importance of gamification, tiered training, showmanship, and real-world examples to foster engagement and efficient learning. Note this episode will continue in with a part two in the next episode

ISACA Event (10 Jan 2024) With G Mark Hardy - https://www.cisotradecraft.com/isaca

Scott Russo - https://www.linkedin.com/in/scott-russo/

HBR Balanced Scorecard - https://hbr.org/1992/01/the-balanced-scorecard-measures-that-drive-performance-2

Transcripts - https://docs.google.com/document/d/124IqIzBnG3tPj64O2mZeO-IDTx9wIIxJ

Youtube - https://youtu.be/NkrtTncAuBA 

Chapters

  • 00:00 Introduction
  • 03:00 Overview of Secure Developer Training Program
  • 04:46 Motivation Behind Creating the Training Program
  • 06:03 Objectives of the Secure Developer Training Program
  • 07:45 Defining the Term 'Secure Developer'
  • 14:49 Keeping the Training Program Current and Engaging
  • 21:10 Real World Impact of the Training Program
  • 21:46 Understanding the Cybersecurity Budget Argument
  • 21:58 Incorporating Real World Examples into Training
  • 22:26 Personal Experiences and Stories in Training
  • 24:06 Industry Best Practices and Standards
  • 24:18 Aligning with OWASP Top 10
  • 25:53 Balancing OWASP Top 10 with Other Standards
  • 26:12 The Importance of Good Stories in Training
  • 26:32 Duration of the Training Program
  • 28:37 Resources Required for the Training Program
  • 32:23 Measuring the Effectiveness of the Training Program
  • 36:07 Gamification and Certifications in Training
  • 38:56 Tailoring Training to Different Levels of Experience
  • 41:03 Conclusion and Final Thoughts

 

For the best experience, listen in Metacast app for iOS or Android