Security champion training

Extensive development of expertise in the field of secure software development

The requirements for secure software applications in companies are continuously increasing. Protecting data and safeguarding systems against external attacks is becoming increasingly important - and complex. In our security champion training course, we show your team of software developers how they can consistently take security into account in their daily work. In the future, the security of software applications can only be guaranteed by building up the skills of developers in a focused way.

By completing this training course, you will qualify as a security champion and become an expert in the field of secure software development. We provide you with the necessary knowledge and skills step by step so that, in your role as a security champion, you can advise your teams on security issues and point out possible security gaps. In addition, you will practice the necessary hard and soft skills and learn how to successfully apply the latest security methods and the relevant tools. The learning content is based on the entire software development process and is coupled with extensive practical sessions.

Participants

The training program is intended for software developers.

Applicants must have completed vocational training or a university degree program in computer science, business information systems or a comparable field. You should have basic knowledge of a programming language, such as Java. The practical exercises are based on Java, but can also be applied to other programming languages if required. 

The training course is designed not only for large corporations, but for small and medium-sized enterprises as well.

Content

Introduction

  • Raising awareness of the topic of security using practical examples
  • Definitions, delimitation and trends
  • Relevant security laws and standards
  • Role and tasks of a security champion

Defining requirements, analyzing risks

  • Defining security requirements
  • Software development lifecycle: Security as a topic in the agile development process
  • Risk analysis: Classification of risks and risk management

Becoming acquainted with and learning about methods

  • Secure design and defensive coding: Principles, templates and guidelines
  • Applied cryptography: Fundamentals, encryption, key management
  • Automatic and manual code reviews
  • DevSecOps: Declaration, problems and objective

The security champion in practice

  • Soft skills: Communication theories, role plays to train soft skills, knowledge transfer to colleagues, conflict management
  • »Coffee to know« - practical training to impart security know-how
  • Team-based homework for reflecting on the knowledge you have acquired and applying it to practical examples
© Fraunhofer IEM
The training runs over a period of 13 weeks. Every 4 weeks, you will go through a cycle of live online sessions, self-study and online feedback phases, three times in total. In this way, you combine theoretical content with practical elements and continuously deepen your knowledge. After this training, you can take an oral exam (30 min) and, in addition to the confirmation of participation, you will receive a certificate with your exam result. By taking the final test, you document your knowledge and increase your chances of professional success.

Final exam

After this training, you will get the opportunity to take an oral exam (30 min.) and receive a certificate confirming your successful participation. By taking the final exam, you will be documenting the knowledge you have gained and will boost your chances of professional success.

Your benefits

  • You will be able to comprehensively consider the topic of security during the development of your software products and to involve your colleagues and product owners in this process.
  • You will gain a deeper understanding of the principles of secure software engineering.
  • You will be able to define security requirements for your company and perform a threat and risk analysis on your own.
  • You will learn to see things from an attacker’s point of view in order to identify potential security and safety vulnerabilities.
  • You will know how to evaluate information from vulnerability databases and derive the necessary steps for your business.
  • You will be able to apply the principles of defensive coding and security by design.
  • You will master the basics of applied cryptography, irrespective of tool providers, and learn to use them securely.
  • You will know how to perform manual and automated code reviews with respect to security.
  • You will be able to check the security of your applications with the aid of a build pipeline.
  • You will learn how to effectively communicate your security expertise and how to resolve conflicts regarding secure software development.