Want to see some short training videos and labs by Keith Brown on some common security issues?
I thought it would be great to do a pilot around modular, self-paced training. By modular, I mean you get a video that's 10 minutes or less, and a lab that's 20 minutes or less.
Modular, Relevant, Real-World
To make the training valuable, I wanted to improve on a few things:
- Whenever, wherever. I didn't want to have to be in a classroom to get the quick and dirty training to get my job done.
- Modular. I don't have big chunks of time. I need training I could incrementally consume as I want it or have time for it.
- Relevant. I wanted to be able to get training for a specific task at hand. Again, it helps to be modular.
- Real-world. Sometimes training can be academic. I wanted training that was both relevant to the guidance and tempered with real-world scenarios.
For some simple usage scenarios, I had the following in mind:
- See a single lab page for a specific task (for example, cross-site scripting).
- Watch a short video.
- Work through a small lab.
- Get the relevant guidance.
The idea was that the community could help point each other to more fine-grained training or big picture as needed. On my end, I could point to the training to help walk customers through our patterns & practices Security Guidance.
The modules are laid out as follows:
- Each lab has its own page, which includes both a video and a lab. Sample: SQL Injection Lab
- Related labs roll up into an index for a topic. Sample: Input Validation Modules
- All the topics roll up into an index. Sample: Security Training Modules Index
All pages are simple and bare by design (to render more as we learn more and based on feedback). The key to having a page per lab is that we'll be able to provide fine-grained access and jumps from guidance.
For more information about the patterns & practices Security Training Modules, see About the patterns & practices Security Training Modules.