Software security training for product owners

The topic of software security is becoming increasingly complex. As a result, development teams must take more responsibility for the security of their products. A central role is played by the product owner, who is responsible not only for new features, but also for the security of the product. But how can the product owner take security into account on an ongoing basis? What are the tasks of a product owner and what needs to be considered when working with developers?

The aim of this training course is to provide you as a product owner with answers to these questions and to teach you all the relevant software security skills. Our primary focus is to ensure that you understand your roles and responsibilities, including your role within the company and the product team in relation to software security. To help you do your job to the best of your ability, we provide training in necessary skills such as risk management, incident response and methods to ensure that you have a capable development team.

The training content is applied in practice in our on-the-job coaching. In this format, our trainers coach you on an individual basis with regard to security challenges in your own development team. In this way, we strengthen your ability to function as a product owner in a very practical way and can take into account the specifics of your individual development environment.

• What are typical entry points for attackers?
• How do I identify and address security risks?
• How can I systematically ensure the security of my product?
• How can I build up the necessary skills in my team?
• How can I work constructively and effectively with my team of developers? 

Module 1: Raising awareness

• Self-assessment on the topic of software security
• Raising awareness of the topic of software security using practical examples and live hacking
• Presentation of a representative study on the state of software security in German companies

Module 2: Understanding of roles

• Understanding and being able to communicate the role of the product owner with regard to software security

Module 3: Software security basics

• Brief introduction to technical terms, protection goals and types of threats

Module 4: Risk management

• Relevant security laws and standards
• Defining security requirements
• Risk analysis: Classification of risks and risk management

Module 5: Product Security Incident Response

• Recognizing and responding to vulnerabilities and attacks
• Establishing a product security incident response team (PSIRT)

Module 6: Establishing software security

• Role and tasks of a security champion in the team
• Improving security skills systematically within the team
• Why investing in security is also an opportunity

Coaching on the job

• Applying the training content to your own product, e.g. conducting an initial risk analysis
• Reflecting on the insights gained with your own team, e.g. carrying out a retrospective review of security awareness and competence together with your own team

Final one-on-one reflective discussion with the trainers.

Product owner, product manager

After this training course, you have the option of taking an oral exam (30 min.), which we will explicitly state on your certificate of attendance if you pass. By taking the final test, you will be documenting the expertise you have gained and will boost your chances of professional success.

• You will understand why software security is an important topic and why you as a product owner need to take a proactive approach.
• You will learn about your role (responsibilities and tasks) with respect to software security and learn the skills necessary to perform them.
• You will understand why you need to actively demand that your teams embrace software security and how you can systematically ensure that your team has the necessary skills to do so.