Do you force your users to take security awareness modules once a year on generic security topics? Do you feel like it is making the impact you are expecting? We all know that security is everyone’s responsibility and to be successful everyone needs to play their part. Unfortunately, we don’t do a great job of really defining how security fits within each person’s area. Instead, we force generic phishing simulations and then assign annual awareness training modules. Modules that … [Read more...] about Security Awareness: Beyond Typical Training
Training
QA Can Do Security Testing
Does your appsec team struggle to perform security testing on all of your applications? Do you struggle to find more resources to scale your team? What is your relationship with the QA team? Often, we focus on the developers and overlook the QA team. Why? QA engineers are professional testers. The big difference is that they focus on verifying that functionality works instead of focusing on how functionality could be misused. This shouldn't be a reason …