Introduction to our safety training
For most training requests, we are happy to advise you, but we typically refer you to existing courses offered by specialized providers. However, there are certain topics for which we cannot make specific recommendations, so we have decided to offer our own training in these areas.
Motivational training for developers
There is a vast number of courses aimed at teaching developers secure programming guidelines and how to implement them. However, most developers find the sheer volume of rules overwhelming and often struggle to determine which guidelines are relevant to their own organization. For instance, OWASP ASVS L3 alone includes over 300 controls, from which the corresponding rules can be derived. As a result, most developers have only limited motivation to apply all these rules consistently in their daily work.
To address these challenges, we have developed a course that primarily focuses on motivating developers by providing them with a clear picture of the weaknesses in their development process that enable attacks. By explicitly applying attack techniques to their own website, developers gain a deep understanding of the consequences of insecure programming and typically develop a strong motivation to avoid such errors. In addition, they learn to perform at least basic security checks themselves, allowing them to validate their own work.
This course is usually held online and typically consists of eight 90-minute lessons, followed by an additional 90-minute session for guided practice. An optimal group size is three to seven participants, and we recommend splitting larger teams accordingly.
The all-inclusive price for this course is 12.000 €.
Safety training for managers
This course is designed for individuals in management roles, such as project managers, department heads, and Scrum Masters, and provides them with a foundational understanding of all relevant safety topics in your industry.
The scope and content are tailored to your specific requirements but can also be expanded on an ad hoc basis if further questions arise. The typical course covers the following topics:
- What are typical risks in your industry?
- What successful attacks have there been in your industry in recent years?
- How have your competitors reacted to such attacks?
- Should you pay in the event of an extortion attempt?
- How do you deal with attacks on your own reputation?
- What role do your own developers, system administrators and application testers play in defending against attacks?
- Can you buy security from external service providers?
- What role does the works committee play in monitoring your own employees, and when does such monitoring make sense?
- Which laws are relevant to management, and what liability risks arise if these are not complied with?
- When can a manager be personally charged with gross negligence in the area of safety?
- What documentation of security measures is useful and necessary within the legal framework?
- What role does risk management play in security?
This course is scheduled for two 3-hour sessions.
The all-inclusive price for this course is 3.000 €, or 2.400 € if this course takes place immediately after a pentest carried out by us.
Security training for controllers and purchasing
This course is specifically aimed at those responsible for the financial aspects of security management. It largely avoids technical details and focuses on the role of controllers or purchasing departments in a security context.
The scope and content are tailored to your individual requirements and can be expanded on an ad hoc basis if additional questions arise.
The typical course covers the following topics:
- Documenting requirements from both the business and IT perspectives
- Identifying and managing financial risks
- Purchasing security services
- Evaluating security solution providers
- Accepting and approving security solutions by IT and business
- Conducting penetration tests for independent validation of internal or external services
- Performing security-related audits
- Reporting security risks
This course is scheduled for two 3-hour sessions.
The all-inclusive price for this course is 3.000 €, or 2.400 € if this course takes place immediately after a pentest carried out by us.