PROVIDENCE, R.I. (June 20, 2011) – To bolster the security of applications coded in the C family of languages, Safelight, a leader in security education, today announced the newest addition to its on-demand courses for developers: Secure C/C++ Coding. The highly-interactive, scenario-based course equips development teams with a deeper knowledge of application security so they can find and fix common software bugs, understand how these flaws are exploited and use coding best practices to proactively reduce software vulnerabilities.

Safelight is offering organizations an opportunity to take a unit of the new course, as well as units of two of its other popular on-demand developer courses: Application Security Fundamentals and Secure Java Coding, for free during its Summer Test-Drive beginning June 20.

“There’s a lot of C and C++ code out there in legacy systems and embedded applications and many C and C++ developers may not be trained in today’s secure coding practices because they learned to code at a time when application security wasn’t a focus and systems weren’t connected via the Internet,” said Safelight Chief Executive Officer Rob Cheyne. C and C++ languages pose tough challenges when it comes to security because applications have direct access to memory and system resources. If developers code insecurely, they can create memory or resource corruption or open an opportunity for an attacker to run system commands on a local machine. “Learning C/C++ is a lot like learning English in that you have to be aware of all the exceptions to the rules,” continued Cheyne. “A mistake in C/C++ typically has many more repercussions than other programming languages and there are potentially many more mistakes that can be made.”

Presented in five units, Safelight’s Secure C/C++ Coding course delivers deep content and opportunities to interact with multiple code examples in ways that engage students and reinforce learning. Developers will follow pieces of code through a secure software development process learning to uncover vulnerabilities, understand their security implications and discover secure coding best practices. Lesson units include: Introduction to Secure C/C++ Coding, Memory Corruption Bugs, Design Bugs, Privacy & Secrets and Securing Code. View the Secure C/C++ Coding Course Overview for more details.

Companies can sign up to try out Safelight’s Secure C/C++ Coding, Application Security Fundamentals and Secure Java Coding courses on the company’s Summer Test-Drive page.

Safelight is also offering special product pricing through August 15. Organizations can save 25 percent when they purchase up to 1,000 licenses for Safelight’s Secure C/C++ Coding, Application Security Fundamentals or Secure Java Coding on-demand courses. Organizations that register for the Test Drive by July 8 will be entered to win a paid registration to the Black Hat Briefings, August 3-4 in Las Vegas, Nevada. Register at Safelight’s Summer Test-Drive education page to qualify for the offer and for more details.

About Safelight Safelight is a leader in security education—our integration of deep security expertise and innovative approaches to interactive learning sets us apart. We help organizations build comprehensive education programs that go beyond training to measurably shift the way employees think about the value of information and their role in protecting it. We offer a full range of instructor-led and on-demand courses for development, IT and general staff; each role-specific course is part of a larger program designed to cultivate a culture of security across the organization. Learn more at www.safelightsecurity.com. # # #

PROVIDENCE, R.I. (Feb. 8, 2011) – Safelight, a leader in security education, today announced its Security Education Blueprint, a new interactive tool that helps organizations assess the people aspect of their information risk and build a comprehensive security education program that aligns with their particular risk profile.

“Most organizations look solely to technology to address information risk, but technology only solves one part of the problem,” said Safelight CEO Rob Cheyne. “People interact with valuable information on a daily basis and each person is in a position to behave in a way that either exposes or protects it. Security education programs need to address the people and process side of information risk and recognize the potential for employees to be part of the solution.”

Safelight’s Security Education Blueprint offers a practical, structured approach to beginning or growing a security education program. At the center of the blueprint is a set of self-assessment questions that measure the people aspect of an organization’s information risk. After responding to the questions, a user receives a custom blueprint for building an education program that matches the organization’s risk profile.

Safelight’s Security Education Blueprint considers five functional groups of employees—general staff, development staff, IT and operations staff, executives and management, and security staff—and defines three program maturity levels for each group. Beyond categorizing staff by their function, the Blueprint acknowledges a more nuanced reality: the behavior of people in the same functional group often represents different levels of risk. Thus, the Blueprint makes specific recommendations for low, moderate and high-risk employees within each staff group.

An organization’s risk profile maps to a custom Blueprint that recommends a specific level of education for each of the five functional staff groups. At each level, the Blueprint offers guidance for developing 8 essential components of a well-designed security education program. These components include everything from integration of training into hiring and on-boarding processes to the introduction of communications programs that support training content. At each level, the Blueprint also provides a list of recommended training topics based on the risk levels associated with different roles within the group.

“The Blueprint originated from our work with clients and our fundamental belief that organizations should train and equip every employee to protect information,” said Cheyne. “As with any information security initiative, education programs should be risk-based. A successful program, one that sustainably shifts the way employees think about the value of information and their role in protecting it, is built with a clear understanding of how employees interact with information in their everyday work.”

Safelight will showcase the Security Education Blueprint in Booth # 1831 at the RSA Conference 2011 in San Francisco, Calif., February 14-18, 2011. Companies can view their custom Blueprint at the self-directed interactive kiosks, email it to themselves, and discuss their results with Safelight if desired.

Safelight is also offering special product pricing through March 31. Organizations can train two employees for the price of one when they purchase any of Safelight’s on-demand courses for general staff, development teams and IT staff. Register at Safelight’s RSA booth (# 1831) or online, to qualify for the offer and for more details.

About Safelight

Safelight is a leader in security education—our integration of deep security expertise and innovative approaches to interactive learning sets us apart. We help organizations build comprehensive education programs that go beyond training to measurably shift the way employees think about the value of information and their role in protecting it. We offer a full range of instructor-led and on-demand courses for development, IT and general staff; each role-specific course is part of a larger program designed to cultivate a culture of security across the organization. Learn more at www.safelightsecurity.com.

PROVIDENCE, RI (July 7, 2010) – Employees are a company’s primary line of security defense, but they often don’t have the skills to identify and prevent a potential breach. Safelight Security, a leading provider of security education programs, today announced the release of its new, on-demand Information Security Awareness course designed to make staff more aware of security risks and educate them on how to protect sensitive information. Safelight is offering organizations an opportunity to take the entire course for free during the company’s Security Awareness Boot Camp on July 16.

“Companies have made huge investments in technology to reduce their security risk, but have underestimated the importance of educating their employees—people who are in a position to protect or expose sensitive information every day,” said Safelight Chief Executive Officer Rob Cheyne. “We strongly believe that security is every employee’s responsibility. We’re hosting the boot camp to help companies kick-start their awareness programs.”

During Safelight’s Security Awareness Boot Camp, companies can send as many employees as they would like to the free, on-demand Information Security Awareness training course. The 90-minute course covers fourteen basic security topics teaching employees how to recognize and protect sensitive information. Presented in five modules, the course delivers deep content through highly interactive, scenario-based lessons that engage students and reinforce learning.

Lesson Topics:

Computer Crime
1. • Identity theft
2. • Insider threats
3. • Industrial espionage

Social Engineering
1. • Introduction to social engineering
2. • Tips for spotting social engineering attacks
3. • Best practices to mitigate social engineering attacks

Physical Security
1. • Hardware theft
2. • Travel security

Technology Threats
1. • Wireless security
2. • Computer malware

Information Security Policies
1. • Sensitive information
2. • Password protection
3. • Email precautions
4. • Reporting and responding to threats

Companies can sign up for the free course on Safelight’s Security Awareness Boot Camp page.

Safelight is also offering special pricing on two of its on-demand courses for general staff: Information Security Awareness and Information Privacy. Through August 31, companies will receive a 20 percent discount on the new Information Security Awareness course and a 15 percent discount on the Information Privacy course. Safelight’s Information Privacy course equips employees to better identify and manage sensitive corporate information and is designed to expedite compliance with Massachusetts 201 CMR 17 and other state and federal privacy regulations. Companies can sign up to receive the special pricing on Safelight’s Summer Savings page.

Learn more about Safelight’s full range of instructor-led and on-demand courses, visit the Education Programs section of the company’s web site.

About Safelight Security

Safelight offers flexible, role-specific education programs that reduce information risk. Specialists in both information security and instructional design and delivery, we offer a full range of instructor-led and on-demand courses designed for application developers, IT teams and general staff. We’ve trained tens of thousands of employees on information security in financial services, healthcare, technology, retail and energy companies across the globe. Our on-demand courses are enterprise-class and both our instructor-led and on-demand courses are fully customizable. Learn more at www.safelightsecurity.com.

# # # ]]> http://safelightsecurity.com/news/2010/07/07/safelight-security-launches-on-demand-information-security-awareness-course-with-free-day-of-staff-training/feed/ 0 http://safelightsecurity.com/news/2009/02/25/safelight-security-advisors-launches-e-learning-security-courses-for-software-developers/ http://safelightsecurity.com/news/2009/02/25/safelight-security-advisors-launches-e-learning-security-courses-for-software-developers/#comments Wed, 25 Feb 2009 14:21:17 +0000 Mike http://www.securityadvisors.com/?p=46 FOR IMMEDIATE RELEASE

Media Contact:
Kim Novino
Safelight Security Advisors
508-981-9732
knovino@securityadvisors.com

Safelight Security Advisors Launches e-Learning Security Courses for Software Developers

Web-Based Modules Offer Comprehensive, Cost-Effective On-Demand Training

Boston, MA, February 25, 2009 – Safelight Security Advisors, (www.securityadvisors.com), a security education company that delivers application security training to developers worldwide, today introduced electronic learning versions of their widely-taught instructor-led courses: Application Security Fundamentals and Secure .NET Coding. The courses bring a real-world understanding of the hacker mindset to application developers in a comprehensive, yet cost-effective computer-based offering that makes it easier for developers to learn at their own pace and schedule. Users can sign up for a free demo license at www.securityadvisors.com/offerings/hacker/. A third course, Secure Java Coding, will be available at the end of Q1 2009.

Unlike other security e-learning products which provide basic information delivered in a static format, Safelight’s e-Learning courses incorporate deep content with interactive features designed to engage students. The modules offer Adobe Flash-based web content, clear and logical menu-based navigation that allows students to pause, skip or jump to any part of the course at any time, learning objectives that are reiterated throughout the course, and interactive games and quizzes to increase student interest and re-enforce their learning.

“The truth is that an attacker knows much more about breaking into your system than the average developer knows about writing secure code. These advanced e-Learning courses shed some light on what developers are really up against and then teaches them what they need to know to build solid defenses,” said Rob Cheyne, founder and CEO, Safelight Security Advisors. “Our computerized courses combine the depth of our instructor-led training with e-learning best practices designed to utilize the different ways people learn.”

Safelight’s e-Learning courses are currently being rolled out to customers in the retail, government, financial services and employment services sectors.

The Application Security Fundamentals e-learning course can be completed in 3-4 hours and is appropriate for all members of the application development team. No prior background in security is needed. The Secure .NET Coding course is for experienced developers and is designed to be used in combination with Application Security Fundamentals. For more information, visit www.securityadvisors.com.

About Safelight Security Advisors

Safelight Security Advisors is an information security education company that delivers application security training programs through effective e-Learning and instructor-led training. Safelight develops its information security education programs for development teams, executives and general staff. The company’s core courses focus on application security, secure coding, secure architecture & design, and security awareness. For more information, visit www.securityadvisors.com.

]]> http://safelightsecurity.com/news/2009/02/25/safelight-security-advisors-launches-e-learning-security-courses-for-software-developers/feed/ 0