Security is a journey,
not a destination.

Our security belt program can help your company build
a long-term, sustainable application security culture.

Security is a journey,
not a destination.

Our security belt program can help your company build
a long-term, sustainable application security culture.

EXPLORE OUR WHITE BELT
EXPLORE OUR WHITE BELT

Build your Security Culture

Security culture doesn’t happen overnight. Our belt-based approach helps build culture that will last. Our education guides your development community through their journey and identifies your champions along the way.

Explore our belts

Engage your Development Population

Training shouldn’t be boring. That’s why we don’t do a lecture. Instead, we let the experts talk about what’s important in security. Our security conversations are 10-20 minutes long.

See our approach

Mobilize your Security Community

Learning should lead to action. Our approach combines the ‘why’ with the ‘how.’ We emphasize real-world application through code-based experiments and activity-based achievements.

Check out our features

Build your Security Culture

Security culture doesn’t happen overnight. Our belt-based approach helps build culture that will last. Our education guides your development community through their journey and identifies your champions along the way.

Explore our belts

Engage your Development Population

Training shouldn’t be boring. That’s why we don’t do a lecture. Instead, we let the experts talk about what’s important in security. Our security conversations are 10-20 minutes long.

See our approach

Mobilize your Security Community

Learning should lead to action. Our approach combines the ‘why’ with the ‘how.’ We emphasize real-world application through code-based experiments and activity-based achievements.

Check out our features

What we offer you

Community
Build it around
security

Competition
Motivation is key
to momentum

Modality
Video or transcript
– your choice

Delivery
Via our cloud or
your LMS

Experiments
Hands-on, code-
based, custom

Assessments
Gauge your
comprehension

Expertise
Content created by
real-world experts

Pricing
Tied to the
amount you use

What we offer you

Community
Build it around security

Competition
Motivation is key to momentum

Modality
Video or transcript – your choice

Delivery
Via our cloud or your LMS

Experiments
Hands-on, code-based, custom

Assessments
Gauge your comprehension

Expertise
Content created by real-world experts

Pricing
Tied to the amount you use

You’re in good company

What we cover

White Belt provides a basic security vocabulary and a solid foundation that improves communication and prioritizes security in one’s thinking. It applies to anyone with an interest in secure development or whose job requires knowledge of application security.

After White Belt sets the foundation, Yellow Belt takes your technical staff deeper into the topics that are most critical to keeping your products secure. By the end, they’ll understand:

  • The most important principles of security: secure design, input validation, authentication, authorization, logging, and cryptography
  • How to combat the most common and dangerous kinds of attacks: OWASP Top 10, buffer overflows, denial of service, and the social engineering techniques hackers use to breach systems
  • The tools and processes that will uncover and mitigate vulnerabilities: threat modeling, static and dynamic analysis, vulnerability scanning, pen testing, and more

Different roles have different responsibilities—that’s why Green Belt lets your team members dive deep into the security skills and tools that apply to the specific roles they have in your organization.

  • Developers will learn exactly how to write secure code and catch errors early
  • Testers will be able to use white and black box techniques, pen testing, and other critical testing tools and processes that dramatically reduce vulnerabilities
  • Managers will learn how to lead their teams to improved security, allocate the right resources, and give developers and testers the support they need to thrive

The Brown and Black Belt modules walk your team through performing actual security tasks to strengthen your software development lifecycle and security processes. They’ll be able to:

  • Take on leadership roles in your organization’s security culture and sustain its growth long after they’ve completed the training program
  • Improve the systems and processes that strengthen your application security
  • Mentor and teach other developers as they begin their own security journey

The Brown and Black Belt modules walk your team through performing actual security tasks to strengthen your software development lifecycle and security processes. They’ll be able to:

  • Take on leadership roles in your organization’s security culture and sustain its growth long after they’ve completed the training program
  • Improve the systems and processes that strengthen your application security
  • Mentor and teach other developers as they begin their own security journey

C#/.NET pathway prepares developers to implement secure coding principles in C#, ASP.NET Core MVC and Razor Pages, ASP.NET, .NET Core, and .NET Framework. These advanced modules go deep on the most common security vulnerabilities for C#/.NET. Topics include validation, parameterization, authentication, authorization, sessions/cookies, logging, exceptions, cryptography, data protection, hashing passwords, and much more. Each module includes hands-on, code-based experiments.

Total Modules: 30
Training Time: 12-14 hours
Available now

C/C++ pathway prepares developers to
implement secure coding principles in C/C++. These advanced modules go deep on the most common security vulnerabilities for C/C++ developers. Topics include vulnerability classes, CWE, stack buffer overflows, platform mitigations, undefined behavior, exploitable programming constructs, and much more. Each module includes hands-on, code-based experiments.

Total Modules: 17
Training Time: 7-9 hours
Available now

Java pathway prepares developers to implement secure coding principles in Java, Spring, and Hibernate. These advanced modules go deep on the most common security vulnerabilities for Java developers. Topics include validation, parameterization, authentication, authorization, sessions/cookies, logging, exceptions, cryptography, data protection, hashing passwords, and much more. Each module includes hands-on, code-based experiments.

Total Modules: 30
Training Time: 12-14 hours
Available now

Secure Development modules continue building on the foundation of white and yellow belt. These modules provide expert training on best security practices for developers, regardless of language or technology. Topics include secure coding best practices, securing your development environment, protecting your code repository, producing a secure code culture, securing your release, secure design principles applied, and much more.

Total Modules: 12
Training Time: 4-5 hours
Available now

We live in a DevOps world. As more and more companies make the transition to DevOps, it becomes critical to understand security principles for all of the technologies that touch your development environment. Our DevSecOps pathway is a “create-your-own-adventure” based on the technology in your stack. Technologies include AWS, Docker, Kubernetes, API/Microservices, Python and others.

Total Modules: 20
Training Time: 8-10 hours
Available September 2019

A note from our founder

If you’re in charge of finding quality security training for your developers, you’ve got a tall order on your hands. I know because I’ve been in your shoes.

Before Security Journey, I was the Chief Security Advocate at a Fortune 100 company with over 60,000 employees. My task? Finding a training program that would actually improve our security culture.

The obvious answer was a video on-demand training program. Live seminars were expensive and took people away from work for an entire week. Not to mention they often just left developers wondering “Now what?” once they ended.

Read More

But there was one big problem: every video training program I demoed was about as exciting as waiting in line at the DMV. They put me to sleep in minutes—and security was my job!

If I couldn’t stand watching hours of people reading the same dated material off teleprompters, there was no way 20,000+ developers in our company were going to get through it. They’d revolt! I’d be lucky to be alive if I wasted that many people’s time.

So I assembled a team and built what became the world’s largest security program inside our organization:

  • We replaced scripts and teleprompters with passionate experts having engaging conversations about security that actually related to the work developers and testers were doing every day.
  • We made videos and assessments they could progress through 15 minutes at a time, without disrupting their workflow.
  • And we created a unique Security Belt structure that made advancing your security skills fun and rewarding.

The results? Over 20,000 employees went through the program—and it wasn’t even mandatory.

I wanted to rebuild that same level of high-quality, engaging security training from the ground up and make it available to all companies, and that’s exactly what we’ve built with Security Journey.

Every video, assessment, and lesson was created with teams like yours in mind, and our technology and delivery system makes getting started as quick and easy as possible (even for large organizations).

I’d love to show you how Security Journey can transform your organization’s security culture and awareness. Just click here to get in touch and I can personally take you on a quick tour of everything the program has to offer and answer any questions you have.

Remember, security is a journey—not a destination.


Chris Romeo
CEO, Security Journey

A note from our founder

If you’re in charge of finding quality security training for your developers, you’ve got a tall order on your hands. I know because I’ve been in your shoes.

Before Security Journey, I was the Chief Security Advocate at a Fortune 100 company with over 60,000 employees. My task? Finding a training program that would actually improve our security culture.

The obvious answer was a video on-demand training program. Live seminars were expensive and took people away from work for an entire week. Not to mention they often just left developers wondering “Now what?” once they ended.

Read More

But there was one big problem: every video training program I demoed was about as exciting as waiting in line at the DMV. They put me to sleep in minutes—and security was my job!

If I couldn’t stand watching hours of people reading the same dated material off teleprompters, there was no way 20,000+ developers in our company were going to get through it. They’d revolt! I’d be lucky to be alive if I wasted that many people’s time.

So I assembled a team and built what became the world’s largest security program inside our organization:

  • We replaced scripts and teleprompters with passionate experts having engaging conversations about security that actually related to the work developers and testers were doing every day.
  • We made videos and assessments they could progress through 15 minutes at a time, without disrupting their workflow.
  • And we created a unique Security Belt structure that made advancing your security skills fun and rewarding.

The results? Over 20,000 employees went through the program—and it wasn’t even mandatory.

I wanted to rebuild that same level of high-quality, engaging security training from the ground up and make it available to all companies, and that’s exactly what we’ve built with Security Journey.

Every video, assessment, and lesson was created with teams like yours in mind, and our technology and delivery system makes getting started as quick and easy as possible (even for large organizations).

I’d love to show you how Security Journey can transform your organization’s security culture and awareness. Just click here to get in touch and I can personally take you on a quick tour of everything the program has to offer and answer any questions you have.

Remember, security is a journey—not a destination.


Chris Romeo
CEO, Security Journey

Let’s get to know each other

Explore for yourself
Explore for your company