Developer Training: Developer Security Essentials

Are you concerned about software security? Could your organisation be hurt by cyber-theft; could your customers suffer privacy leaks that would cause you huge fines, embarrassment or damage; or could rival organisations gain a march on you through digital stealth attacks?

 

If you work with software development teams, however professional they may be it's quite likely they may need support to change their ways of working to deal with these new security threats.

Security Lancaster offers a ‘security package’ to empower a software development team to deliver cyber-secure software. We call it ‘Developer Security Essentials’.

 

It takes less than a day of workshops to get a team’s leaders, programmers and testers more adept at software security. It also empowers one or two of the team to lead the workshops themselves in future. We’ve now run the package with over a dozen different teams in a wide variety of organisations, ranging from a government group to a startup working with school leavers; in every case the participants both enjoyed the workshops and obtained benefits that easily justified the effort and costs. 

Interested? Please call Charles Weir on +44 (7876) 027350. Or read on...

The Training

We work with one or two suitable people from your own organisation, and support them in facilitating a series of workshop sessions. The sessions are as follows:

Introductory lecture, half-hour, outlining the techniques and the process (usually by ourselves).

  • An interactive game session to sensitise developers to the nature of typical attacks and the trade-offs around mitigations
  • Threat assessment ('threat modelling') session around an active project in which the developers are involved
  • Threat discussion session, considering how to present the most important threats to stakeholders, to support commercial decisions about when and whether the problems need to be fixed.
  • Consolidation, reviewing the most effective assurance techniques arising from the previous discussions and other sources.

Following this session we suggest two or three one hour follow-up sessions with the key participants over the next three months.

 

The experience of leading the initial workshops then empowers the facilitators from your organisation to lead further workshops with other teams within your organisation.

Research Implications

For research purposes, we may also request the following. Those who have taken part tell us it helps consolidate their learning:

  • A half hour introductory interview with four or five key participants before the sessions, and
  • A half-hour exit interview with, as far as possible, the same participants following the end of the three month involvement

These interviews help us improve the techniques for you and others to use in future.

Costs and Confidentiality

We are happy to offer commercial levels of confidentiality, and anonymity.  

 

Staff costs may be paid for by the university, as part of our research. If appropriate we may also request travel costs.

Next Steps

To sign up while places are still available, please email Charles Weir now or call him on +44 (7876) 027350.