If you work as a software developer, QA tester, DevOps or anything else IT related, chances are security is at the back of your mind whether or not you feel confident in your security skills. If you’re a security enthusiast, perhaps you’re constantly looking for ways to strengthen your skills and are an advocate for security amongst your peers. You also know that the security integrity of the organization you work in is only as strong as the cybersecurity skills of the employees - from the basic security awareness of non-technical staff to the individual programmer who needs to understand how the code they write could be vulnerable to attacks.
If security is important to you and you really want your boss to invest in training the team to better understand security, but you aren’t sure how to convince them, here are some points you can bring up to get them on board:
When you find a potential software vulnerability during the development stage or during QA testing the cost to fix that issue is simply the time it takes for it to be spotted and fixed by the team. On the other hand, if you release something that has a vulnerability, the costs of that can be massive.
This leads to our next point.
In the best case scenario someone catches the flaw and you fix it before any damage is done. But what if an attacker finds the flaw and is able to breach your system? According to IBM, the average cost of a data breach worldwide is $3.9 million. Depending on the industry you’re in and the size of the company you work for, it could be devastating. Let’s say you work for a financial institution and your website has been hacked and money is being stolen from your customers. That results in a PR nightmare and lost trust from your customers on top of the money spent to contain the breach.
We should all know by now that empowering employees drives better results and keeps people happy, but it’s worth reiterating. Any kind of career building and training is an investment, not a cost. When managers and businesses invest regularly in training their employees, especially when they do it in a fun way, people are more likely to put in the effort and stay at the company longer.
If engineers understand how software can be vulnerable to attacks, then they perform their work with that in mind. In general, the more we think about what can go wrong, the more we do our work with a preventative mindset.
It’s impossible to play defense, if you do not understand offense.
There’s power in numbers. Try getting your colleagues on board to advocate for security training as well. If many people in your team are interested in going through training, it will be easier to convince your boss to invest in it.
Have them sign up for a free trial to the Adversary security training platform below.
Training doesn’t have to be boring. Lectures are expensive, difficult to organize, and attendees are unlikely to take much away with them. So why not try an online and hands-on security training platform. People retain much more information when they learn through doing and even more when they have fun learning.
Not only that, but having fun learning by essentially playing a game with your colleagues fosters a security culture within your organization, because it gets people interested in it and talking about it. One of our customers, Mnemonic, said
“You know you’ve found the right solution if they [the trainees] are playing with it after work and bragging about their results the day after."
Read the full Mnemonic Success story here.
Still not sure how to push cybersecurity training forward within your organization?
One great way to show the value of an online training platform is by organizing an internal hackathon using the tool. We suggest combining the hackathon with pizza, beer, and prizes. It gets everyone interested in security and once everyone has had some experience with hands-on training, they’re more likely to push the solution internally. Not only that, but managers will already get some insight into how effective this kind of training can be and get a small assessment of the security knowledge of their team as they stand now.
In the meantime, you can request a demo for your organization or try out 5 free missions below.