Skip to main content
August 19, 2015

SOS: Security Remediation and the Future of Training

SOS: Security Remediation and the Future of TrainingIn some ways, training is one of the most inherently scalable practices a growing business can implement. What's easier than putting a bunch of employees in a conference room or requiring them to sign into a web-based program, after all? In other ways, however, crucial tasks such as coaching and continuing education don't always get the treatment they deserve, especially as an organization grows.

The problem often comes down to two points, namely context and consistency. Take security remediation and other related tasks in the development profession: Putting software together requires an incredibly diverse group of roles and associated functions. While training all those people on technical concepts (even ones as expansive and quick to change as security) can be easy, it often seems that's only true if the organization is willing to cut corners — often by using a substandard product — or spend big money trying to get it right.

While training is theoretically easy, doing it right is a whole different ball game, and it only gets more challenging as an organization expands. This is where cloud-based security remediation programs can help.

Efficiency Isn't Enough

By utilizing a platform designed to tailor education at the developer level and adapt to rapid change, you add efficiency, context and consistency to a process that can quickly become derailed in the shuffle of a growing workforce. From a business perspective, the "efficiency" part of that statement brings the most obvious benefits. It's the reason basically every large company under the sun has implemented some form of electronic testing: Picking up a quick session and doing a review will always be less expensive when employees don't have to leave the office.

But efficiency alone isn't always enough, especially when it comes to security. Being able to send a message to a large group is helpful, but making sure you're sending the right message to the right people — and that it's sinking in — is what really matters.

A good platform will help address you all those concerns, and it'll do it on a large scale.

Need to train a group of new employees on the intricacies of industry-specific regulations? A cloud-based platform will do it, and it'll tell you how they tested — so you and your auditors know they didn't just breeze through. Want to double-check a vendor's competency in a given language after some costly errors? Same answer. And since you can do it using the same platform wherever those employees might be based, you take the looming issue of variability (a problem endemic to in-house training platforms and individual trainers) out of the equation altogether.


Another problem with traditional modes of training is that they paint in broad strokes, even when effective security remediation and training often needs pinstripes.

While some issues are truly office- or organization-wide and should be treated as such, others need more finesse and focus. Any web-based platform can handle wide-scale training efforts, but getting down to the team level is every bit as important.

In practice, this means training developers on topics and remediating their errors when it matters most: It's important to give them info relevant to what they're doing now and show them how to fix errors shortly after they're made. Individual teams have individual strengths, talents, skill sets and educational needs. Giving them a targeted learning platform that teaches around these factors (among others, including project and organizational goals) means providing training that's timely and relevant, and ensuring employees retain information by offering it at the best possible time.

An automated training platform can bring the best parts of small-business learning (e.g., tailored coaching and training, and a focus on results instead of "just getting things done") to larger businesses. Targeting education to individual needs gets harder and costlier the more individuals there are, but finding a middle ground shouldn't have to mean cutting corners.

That's true from a business standpoint, too. While assigning trainers to individual employees or teams is obviously better for learning, it's not the best option financially. Implementing a program that's built for individual learning on a large scale and that's enhanced with extras — such as a topical knowledge base and on-demand expert help — lets an organization provide contextual learning services without costs that expand with roster size.

Train Away

Cloud-based security remediation and training isn't a luxury or an afterthought. Instead of going with a broad-scale, web-based solution and hoping for the best (or spending exorbitant amounts for targeted manual training), cloud-based remediation platforms offer the best of both worlds: Targeted, contextually relevant information that's served as needed across any number of employees. Considering the potential costs of a less-than-secure software product, that makes it worth a look no matter what your organization's size.

Photo Source: Wikimedia Commons

Evan Wade is a professional freelance writer, author, and editor from Indianapolis. His time as a sales consultant with AT&T, combined with his current work as a tech reporter, give him unique insight into the world of mobile/Web security and the steps needed to properly secure software products. Follow him on Twitter.

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.