patterns and practices Security Training Modules Pilot

  • Article

Want to see some short training videos and labs by Keith Brown on some common security issues? 

I thought it would be great to do a pilot around modular, self-paced training.  By modular, I mean you get a video that's 10 minutes or less, and a lab that's 20 minutes or less.

The Pilot

Modular, Relevant, Real-World

To make the training valuable, I wanted to improve on a few things:

  • Whenever, wherever.  I didn't want to have to be in a class-room to get the quick and dirty training to get my job done.
  • Modular.  I don't have big chunks of time.  I need training I could incrementally consume as I want it or have time for it.
  • Relevant.  I wanted to be able to get training for a specific task at hand.  Again, it helps to be modular.
  • Realworld.  Sometimes training can be academic.  I wanted training that was relevant to both the guidance and tempered with real-world scenarios.

Scenarios
For some simple usage scenarios, I had the following in mind:

  • See a single lab page for a specific task (for example, cross-site scripting)
  • Watch a short video.
  • Work through a small lab.
  • Get the relevant guidance.

The idea was that the community could help point each other to more fine-grained training or big picture as needed.  On my end, I could point to the training to help walk customers through our patterns & practices Security Guidance.

Training Layout
The modules are laid out as follows:

All pages are simple and bare by design (to render more as we learn more and based on feedback).  The key to having a page per lab means we'll be able to provide fine-grained access and jumps from guidance.

More Information

For more information about the patterns & practices Security Training Modules, see About the patterns & practices Security Training Modules