Security is a journey,
not a destination.
Our security belt program can help your company build
a long-term, sustainable application security culture.
Security is a journey,
not a destination.
Our security belt program can help your company build
a long-term, sustainable application security culture.
Build your Security Culture
Security culture doesn’t happen overnight. Our belt-based approach helps build culture that will last. Our education guides your development community through their journey and identifies your champions along the way.
Engage your Development Population
Training shouldn’t be boring. That’s why we don’t do a lecture. Instead, we let the experts talk about what’s important in security. Our security conversations are 10-20 minutes long.
Mobilize your Security Community
Learning should lead to action. Our approach combines the ‘why’ with the ‘how.’ We emphasize real-world application through code-based experiments and activity-based achievements.
Build your Security Culture
Security culture doesn’t happen overnight. Our belt-based approach helps build culture that will last. Our education guides your development community through their journey and identifies your champions along the way.
Engage your Development Population
Training shouldn’t be boring. That’s why we don’t do a lecture. Instead, we let the experts talk about what’s important in security. Our security conversations are 10-20 minutes long.
Mobilize your Security Community
Learning should lead to action. Our approach combines the ‘why’ with the ‘how.’ We emphasize real-world application through code-based experiments and activity-based achievements.
What we offer you
Community
Build it around
security
Competition
Motivation is key
to momentum
Modality
Video or transcript
– your choice
Delivery
Via our cloud or
your LMS
Experiments
Hands-on, code-
based, custom
Assessments
Gauge your
comprehension
Expertise
Content created by
real-world experts
Pricing
Tied to the
amount you use
What we offer you
Community
Build it around security
Competition
Motivation is key to momentum
Modality
Video or transcript – your choice
Delivery
Via our cloud or your LMS
Experiments
Hands-on, code-based, custom
Assessments
Gauge your comprehension
Expertise
Content created by real-world experts
Pricing
Tied to the amount you use
You’re in good company
What we cover
White Belt provides a basic security vocabulary and a solid foundation that improves communication and prioritizes security in one’s thinking. It applies to anyone with an interest in secure development or whose job requires knowledge of application security.
After White Belt sets the foundation, Yellow Belt takes your technical staff deeper into the topics that are most critical to keeping your products secure. By the end, they’ll understand:
- The most important principles of security: secure design, input validation, authentication, authorization, logging, and cryptography
- How to combat the most common and dangerous kinds of attacks: OWASP Top 10, buffer overflows, denial of service, and the social engineering techniques hackers use to breach systems
- The tools and processes that will uncover and mitigate vulnerabilities: threat modeling, static and dynamic analysis, vulnerability scanning, pen testing, and more
Different roles have different responsibilities—that’s why Green Belt lets your team members dive deep into the security skills and tools that apply to the specific roles they have in your organization.
- Developers will learn exactly how to write secure code and catch errors early
- Testers will be able to use white and black box techniques, pen testing, and other critical testing tools and processes that dramatically reduce vulnerabilities
- Managers will learn how to lead their teams to improved security, allocate the right resources, and give developers and testers the support they need to thrive
The Brown and Black Belt modules walk your team through performing actual security tasks to strengthen your software development lifecycle and security processes. They’ll be able to:
- Take on leadership roles in your organization’s security culture and sustain its growth long after they’ve completed the training program
- Improve the systems and processes that strengthen your application security
- Mentor and teach other developers as they begin their own security journey
The Brown and Black Belt modules walk your team through performing actual security tasks to strengthen your software development lifecycle and security processes. They’ll be able to:
- Take on leadership roles in your organization’s security culture and sustain its growth long after they’ve completed the training program
- Improve the systems and processes that strengthen your application security
- Mentor and teach other developers as they begin their own security journey
C#/.NET pathway prepares developers to implement secure coding principles in C#, ASP.NET Core MVC and Razor Pages, ASP.NET, .NET Core, and .NET Framework. These advanced modules go deep on the most common security vulnerabilities for C#/.NET. Topics include validation, parameterization, authentication, authorization, sessions/cookies, logging, exceptions, cryptography, data protection, hashing passwords, and much more. Each module includes hands-on, code-based experiments.
Total Modules: 30
Training Time: 12-14 hours
Available now
C/C++ pathway prepares developers to
implement secure coding principles in C/C++. These advanced modules go deep on the most common security vulnerabilities for C/C++ developers. Topics include vulnerability classes, CWE, stack buffer overflows, platform mitigations, undefined behavior, exploitable programming constructs, and much more. Each module includes hands-on, code-based experiments.
Total Modules: 17
Training Time: 7-9 hours
Available now
Java pathway prepares developers to implement secure coding principles in Java, Spring, and Hibernate. These advanced modules go deep on the most common security vulnerabilities for Java developers. Topics include validation, parameterization, authentication, authorization, sessions/cookies, logging, exceptions, cryptography, data protection, hashing passwords, and much more. Each module includes hands-on, code-based experiments.
Total Modules: 30
Training Time: 12-14 hours
Available now
Secure Development modules continue building on the foundation of white and yellow belt. These modules provide expert training on best security practices for developers, regardless of language or technology. Topics include secure coding best practices, securing your development environment, protecting your code repository, producing a secure code culture, securing your release, secure design principles applied, and much more.
Total Modules: 12
Training Time: 4-5 hours
Available now
Total Modules: 20
Training Time: 8-10 hours
Available September 2019
A note from our founder
If you’re in charge of finding quality security training for your developers, you’ve got a tall order on your hands. I know because I’ve been in your shoes.
Before Security Journey, I was the Chief Security Advocate at a Fortune 100 company with over 60,000 employees. My task? Finding a training program that would actually improve our security culture.
The obvious answer was a video on-demand training program. Live seminars were expensive and took people away from work for an entire week. Not to mention they often just left developers wondering “Now what?” once they ended.
Read MoreBut there was one big problem: every video training program I demoed was about as exciting as waiting in line at the DMV. They put me to sleep in minutes—and security was my job!
If I couldn’t stand watching hours of people reading the same dated material off teleprompters, there was no way 20,000+ developers in our company were going to get through it. They’d revolt! I’d be lucky to be alive if I wasted that many people’s time.
So I assembled a team and built what became the world’s largest security program inside our organization:
- We replaced scripts and teleprompters with passionate experts having engaging conversations about security that actually related to the work developers and testers were doing every day.
- We made videos and assessments they could progress through 15 minutes at a time, without disrupting their workflow.
- And we created a unique Security Belt structure that made advancing your security skills fun and rewarding.
The results? Over 20,000 employees went through the program—and it wasn’t even mandatory.
I wanted to rebuild that same level of high-quality, engaging security training from the ground up and make it available to all companies, and that’s exactly what we’ve built with Security Journey.
Every video, assessment, and lesson was created with teams like yours in mind, and our technology and delivery system makes getting started as quick and easy as possible (even for large organizations).
I’d love to show you how Security Journey can transform your organization’s security culture and awareness. Just click here to get in touch and I can personally take you on a quick tour of everything the program has to offer and answer any questions you have.
Remember, security is a journey—not a destination.
Chris Romeo
CEO, Security Journey
A note from our founder
If you’re in charge of finding quality security training for your developers, you’ve got a tall order on your hands. I know because I’ve been in your shoes.
Before Security Journey, I was the Chief Security Advocate at a Fortune 100 company with over 60,000 employees. My task? Finding a training program that would actually improve our security culture.
The obvious answer was a video on-demand training program. Live seminars were expensive and took people away from work for an entire week. Not to mention they often just left developers wondering “Now what?” once they ended.
Read MoreBut there was one big problem: every video training program I demoed was about as exciting as waiting in line at the DMV. They put me to sleep in minutes—and security was my job!
If I couldn’t stand watching hours of people reading the same dated material off teleprompters, there was no way 20,000+ developers in our company were going to get through it. They’d revolt! I’d be lucky to be alive if I wasted that many people’s time.
So I assembled a team and built what became the world’s largest security program inside our organization:
- We replaced scripts and teleprompters with passionate experts having engaging conversations about security that actually related to the work developers and testers were doing every day.
- We made videos and assessments they could progress through 15 minutes at a time, without disrupting their workflow.
- And we created a unique Security Belt structure that made advancing your security skills fun and rewarding.
The results? Over 20,000 employees went through the program—and it wasn’t even mandatory.
I wanted to rebuild that same level of high-quality, engaging security training from the ground up and make it available to all companies, and that’s exactly what we’ve built with Security Journey.
Every video, assessment, and lesson was created with teams like yours in mind, and our technology and delivery system makes getting started as quick and easy as possible (even for large organizations).
I’d love to show you how Security Journey can transform your organization’s security culture and awareness. Just click here to get in touch and I can personally take you on a quick tour of everything the program has to offer and answer any questions you have.
Remember, security is a journey—not a destination.
Chris Romeo
CEO, Security Journey