Customer Success: Illumio Case Study

The Solution: Real World, Collaborative Hacking

After encountering the Security Innovation CMD+CTRL platform at an industry conference, Trupti instantly saw the power of a training program to groom developers to ‘think like hackers’ and instantiate her vision of a Purple Team. Illumio partnered with Security Innovation to run a cyber range event, “Hack the Bank”, for all teams simultaneously. They opted for the team mode, combining players from various roles and skillsets, to maximize information sharing as they learned attack techniques.

The cyber range event ran alongside computer-based training (CBT) learning labs focused on SQL Injection, Session Management, and Cryptography. Combining experiential learning with formal instruction helped team members translate knowledge into mastered skills.

The Result: Permanently Altered Secure SDLC Approaches

With the rise in continuous integration/continuous delivery, siloed Blue and Red Teaming efforts can slow down overall feature release. Proactively teaching developers Purple approaches will minimize security defects and the time spent fixing them. After just one training session, Illumio had a long-term blueprint for elevating their security training program and entirely new perspectives on how to reduce software risk.

1. Optimized Competency

Based on real-time performance assessments, training participants received detailed reports analyzing their strengths and learning opportunities. Illumio used these insights to target additional training with focused topics. Illumio also learned that its team possessed skills above the industry average – a valuable selling point for a cybersecurity company. Assumptions about skills and gaps were replaced with clear, actionable insights.

2. A Culture that Values AppSec

Having teams train together not only helped to decrease the strain introduced by cross-functional activities, but it created a shared vision and reinforced the company’s commitment to security. It also gave Illumio new insights into their overall team strengths and revealed valuable opportunities for mentoring (aka “security champions”).

3. Aspiring to New Heights of Excellence

Illumio plans to run future cyber range events at higher degrees of difficulty so that participants can reapply the skills they learned against new challenges and expand their security expertise. Illumio can now keep AppSec on pace with the company’s ambitions.

Choosing the Right Hands-on Training Platform

Prior to working with Security Innovation, Illumio developers had access to training through a secure coding training company that ran “tournament” style programs. Lasting only 90 minutes, it was focused only on secure coding through code-level exercises and was relevant only for participants in development roles. The event was not tailored to Illumio-specific learning elements – participants had to make it work on their own without the assistance or instruction of subject matter experts.

Security Innovation’s CMD+CTRL cyber range and CBT modules provided a robust platform to elevate Illumio’s application security program. By incorporating real-world hacking and exploitation techniques, members of technical and non-technical staff alike gained a good understanding of attack scenarios and their impact. The bar of product security awareness was raised, and participants are eagerly waiting for the next event.

If you want to create a culture of security-conscious team members who detect security defects faster and avoid common vulnerabilities during product development, explore Purple Team models. Train your entire organization on security through Security Innovation’s CMD+CTRL training platform.