Our DevSecOps training sessions upskill and engage developers

  • Cyber Essentials
  • Cyber Essential Plus
  • Armed Forces Covenant
  • ISO 27001
  • ISO 9001
  • CREST

Save Time

Conventional developer security training typically takes a week, per developer.

Our sessions take half a day and can be delivered on-site or remotely. Lab access remains open for those who just can't stop playing.

Build relationships

The key to a strong security culture is getting security and development functions working together.

Our training sessions encourage communication between these teams, during and after the event.

Made for you

No abstract concepts, just real on-the-job learning but in the safety of our labs.

Every session is designed to tackle your security concerns, using the same tech that your teams work with.

sage
c4di
MOD
NATO
Flender
ManyPets
BeyondTrust
MKM
Townsend Music
Moventas
Knights PLC
Coats
Carefriends
SQA Consulting
Docomo Digital
Bango
Friends of the Earth
Learning Tree
ESC
DTX
UK Cyber Week
Crest

Developing a security culture is critically important


Group-based sessions

Our training sessions typically last half a day, and consist of an engaging speaker-led session followed by competitive labs in our gamified learning platform. Here developers can compete as groups or individuals.

Developers will spend a couple of hours playing our labs, which focus on the key points of the speaker-led session in a fun and engaging way. Maybe it’s stealing passwords from containers, hacking Kubernetes or performing simple attacks.

Encouraging security

It’s important to get developers enthusiastic about security, and the best way to do that is to show them how quickly things can go wrong.

Our sessions focus on simple attacks against the technology your developers are already using. This creates true “wow!” moments, without requiring your developers to learn abstract technology or learn every attack.

Forging relationships

Development teams and security teams need to talk to get the best result. Developers often need to understand the impact of a security defect, and security teams need to work with developers to prioritise risks.

Our sessions help forge and strengthen these relationships by utilising your own security team to support developers through the labs. If you don’t want this, then our team provide the support they need to get the most out of the experience.

Tailored content

We work with your security team to identify the technology you use, and the most important issues facing the business right now. Armed with this information, we tailor our content and labs to maximise the benefit.

Your developers spend less time learning unnecessary technology and abstract concepts, and more time learning key security concepts.



FAQs


What is DevSecOps?

DevSecOps is the practice of integrating security into software development.

It is crucial because it prevents vulnerabilities from residing in applications for months, if not years.

Why build security awareness?

Most security courses dive into the specifics of attacking or defending systems. We believe it’s better, and more engaging, to instead teach the concepts that lead to security issues.

93% of cyber security incidents are due to human error, not super-complex technical vulnerabilities. If your teams can think like hackers, they’ll intuitively build more secure systems.

Is it expensive?

Absolutely not.

Conventional secure code training is expensive and time-consuming. Each developer takes around a week out from their role to attend virtual or on-site training. This training can be amazing, but you’re extremely lucky if half of the content relates directly to the technology you use. Oh, and it usually costs £2-4000 per developer!

Our approach flips this on its head. Let’s use half a day of your developers’ time, and get them really engaged in some key security concepts through gamified group-based activity. And the cost is tiny in comparison.

How do we build a course around your needs?

Matching your tech stack (as close as we can) is hugely important to us. We want your staff to be able to spend their time learning how to break things (and therefore make them unbreakable) and not learning new technologies. Our team will work with you to identify what technology you are using in your organisation and then build course challenges to suit. The concepts don’t change, but the learning requires much less effort.

How else can we help?

DevSecOps is more than just implementing tools. You may recognise the pattern that most businesses follow:

  • Purchase one or more tools
  • Implement the tools across the business and block development if issues are found
  • Thousands of issues are raised, development stops and the tools are turned off

This is unfortunately most organisations’ experience of DevSecOps, and the promised ideal is never realised. We’ve seen this plenty of times before, and we can help you avoid it. We achieve this through holistic auditing, sensible advice, direct engineering support, and targeted training to raise engagement levels.

We can fully implement and manage your DevSecOps program in place of a dedicated DevSecOps function, or we can break our services out into discrete components and advise which offers the most immediate value to you. Typically this begins with one of our senior consultants assessing your maturity against the OWASP SAMM and DSOMM frameworks.

WHAT OUR CLIENTS SAY

MKM

Having attended a live hack demo held at C4DI we approached Punk Security to help shore up our cyber security and DevOps processes. Punk not only completed this audit but passed on valuable gained knowledge to our team to broaden their skills and insight in this area.

We have since continued to work in partnership with Punk to implement a WAF and frequently consult their expertise in DevOps in relation to our application so we can all learn and grow in a collaborative way.

Punk are approachable, knowledgeable and also adept at explaining in layman’s terms for the less technical! We look forward to continuing our fruitful working relationship.

Illumio

Our team at Illumio recently participated in a custom CTF event hosted by Punk Security, and it was a great experience! The CTF was not only challenging but also immensely educational, especially in the realm of cloud security principles.

The challenges presented during the CTF were designed to cover a broad spectrum of cloud security topics. This approach allowed our team to dive deep into practical scenarios that tested our skills and pushed us to explore new strategies and technologies. The balance between difficulty and learning outcomes was perfectly struck, ensuring that each team member, regardless of their prior level of expertise, found the event to be rewarding.

Sage

Punk Security provided exceptional DevSecOps training for our engineers here at Sage and delivered an outstanding talk at our Securing Sage Summit.

Their expertise and knowledge were evident throughout the sessions.

Not only were they efficient and great to work with, but their presentation was also the highest rated session of the entire event. We highly recommend Punk Security for any security-related needs.

Request a platform demo

Call us:

01609 635 932
