A measurable increase in a learner’s knowledge after completing training is an essential component to any successful education program. After all, the point of investing time and resources into employee education is to make a positive shift towards improved performance. Measurable knowledge gain is one way to prove your program’s effectiveness and value.
At Security Journey, we call this knowledge gain learning swing.
Nowhere is learning swing more important than in application security education. It’s an unfortunate reality that developers don't receive adequate training in application security during their formal computer science university education. There are also developers who transition to programming from other careers, precluding them from learning about appsec during their non-computer science-related degree study. And then there are the other roles in the SDLC, like QA and product managers, who may have no education on what makes an application secure.
With cybersecurity attacks at an all-time high, it's critical that everyone involved in application development has the knowledge and skills to create safer, more secure applications. For developers, that means understanding the latest vulnerabilities and threats and having the skills to write code to avoid these threats. For non-development roles, it means understanding the threat landscape at a level that helps them recognize and address those threats throughout the application development process.
If your SDLC team understands application security, they infuse security into their daily activities. In turn, this creates a widespread security culture. And organizations that have a security-first culture deliver safer apps.
So, how do you upskill your entire SDLC team? With a comprehensive secure coding training program that delivers proven results. One that is based on recognized learning science principles and leverages real-time data to measure learning improvement. It’s not enough for a product to abstractly promise that your learners will be smarter about application security. You want to see the proof that backs up those claims.
Security Journey is at the forefront of delivering secure coding training that delivers measurable results. We accomplish this through a variety of strategies, including the incorporation of self-assessment functionality. This self-evaluation is how we can document and measure learning swing, and is based on the Kirkpatrick model for adult education. Together with our programmatic, multi-year approach to training developers and everyone in the SDLC, you can see measurable knowledge gains as learners progress through the program.
No other product on the market today does what we do when it comes to measuring and proving learning progress.
Our commitment to building learning measurement into our product started with our customers. They saw the value of our training, but also knew they needed to demonstrate results within their organizations. They requested a way to measure learner progress, and this was the catalyst for us to build that functionality into every lesson on our platform.
The Security Journey learning swing is measured by “before and after” learner self-assessment on an individual lesson basis. Using a five-point scale, learners rate their knowledge of the topic before and after they complete each lesson. The difference between the before and after ratings is the learning swing. Learning swing can be expressed numerically or as a percentage increase.
This learner self-assessment functionality has been available to our customers since 2018. It is an optional feature learning administrators can activate on demand. To date, 77% of our customers take advantage of this opportunity.
Over the past four years, we have acquired hundreds of thousands of learner assessments culled anonymously from participating customers who are leveraging this functionality. On average, learners who complete our training report a 34% increase in knowledge, with some learners increasing knowledge up to 85%.
Developers report knowledge gains both for topics they already feel confident about – like language-specific lessons and SAST – and those that are newer to them like Automated Security Testing and AWS Five Cloud Security Disciplines. Together, this increase in knowledge equates to safer code being deployed.
The training program’s knowledge gains go beyond developers, too. Non-developer roles within the SDLC reported a 40% better understanding of secure development principles.
Improved security knowledge across all roles in the SDLC means safer, more secure applications are delivered the first time around, with less developer time devoted to fixing critical code errors after the fact.
Ready to learn more about how Security Journey can help your organization upskill your developers and all roles in the SDLC? Book a demo today, and we’ll share even more data on learning swing.