Monday, February 20, 2017

Weekly Activity Summary Reports through Email

We have received a lot of feedback from managers on how important it is for them to keep track of user engagement on the Secure Code Warrior platform.

Understanding key metrics and being able to report on these over time using the existing CSV download has proven to be very useful in not only measuring engagement over time but also measuring the progress of users. Using the data available managers can gain useful insights such as the ability to see what effect time spent on the platform has had on the secure coding skills of their developers as well as being able to identify key areas for improvement.

Tracking activity on a regular basis and reporting is something that our clients tell us they do to ensure the success of the platform. To help with this we have created Weekly Activity Reports that Team Managers and Company Admins have the option to receive weekly via email.

The email report provides managers with a snapshot of the activity of users on the Secure Code Warrior over the past week:
  • User Summary - overview of total, invited, enabled and new users who joined.
  • Training Summary - statistics on time spent, top performers and most engaged users in the last 7 days
  • Assessment Training Summary - overview of activity of users invited to complete assessments
Company Admins can enable these weekly activity reports via their preferences is their account settings. 

Weekly Activity Summary Report

Tuesday, February 7, 2017

Serious Games - how you can use Secure Code Warrior in your organisation

In the past twelve months, we have been closely engaging with our early adopter clients to understand how they are using Secure Code Warrior, what the objectives were they were trying to achieve and how the usage evolved over time. We observed that the type of rollout highly depended on their own objectives, the challenges they were trying to solve and the maturity in cybersecurity and training:

"There is no security culture in our development community"
  • They tried classic CBT training and developers responded: "boring", "not relevant", "too high-level" on most products on the market
  • They organised in classroom training and the quality highly depended on the trainer, the developer's relevant experience in the coding language and the skill level of the developers in the class
They want something which ENGAGES the developers and makes them AWARE about security issues in software development.

"There is awareness but it does not result into less vulnerabilities"
  • They felt that everyone understood the importance of security but it was not always consistently applied in the code and the source code analysers consistently found the same flaws.
They want something which allows the developers to PRACTICE  on different situations and measure the overall SKILL level of the developer community

"There is a trained developer community but we need it formalised to compare internal and suppliers"
  • Suppliers, contractors or new starters did not have the same level of training the internal developers had received. 
  • Company or cultural context requires certificates to be handed out upon achieving objectives
  • A career path or skill progression model was required
They want to formally assess the SKILL level of the developer community and suppliers.