Learning Paths

Your Journey To Security Guru Starts Here

Constant release cycles, dynamic tech stacks, and cross-functional demands are diversifying roles:

  • Developers self-provision infrastructure and work in deployed environments
  • Operators control infrastructure with code and “keep the bad guys out”
  • Defenders report problems straight into defect management systems

Our learning paths consider emerging responsibilities within Development, IT, and Security teams. Core, Advanced and Elite tiers guide you to the specialization needed.

We remove the complexity. You get smarter. It’s a win-win.

View 45+ Learning Paths

  • Specialty Area & Standards

    Content is based on NIST’s NICE workforce framework, a pragmatic and popular approach focusing on job function, skills, and ability.
    By assigning competency IDs, it’s easy to map to other standards and guidelines, including:

    • CSSLP: 140 courses cover 7 domains
    • CWE: 135 courses cover 37 weaknesses
    • OWASP: 140 courses cover each risk
    • NERC: 89 courses cover 29 controls
    • GDPR: 83 courses cover 6 articles
    • ISO 27001: 92 courses cover 67 controls
    • PCI DSS: 127 courses cover 39 requirements
    • NIST 800-53: 141 courses cover dozens of guidelines
    • HIPAA: 55 courses cover 164.312 and 164.308
    • NICE: 155 courses cover 10 specialty areas
  • Job Roles

    While many organizations have internally defined job roles, they often need to be tweaked for increased specialization. For example, front-end developers need different training than back-end developers because client-side vulnerabilities differ from those introduced by web services, APIs, and other back-end technologies. Our learning paths reflect these subtle but important distinctions.

  • Tech Stack

    Learning Paths are organized by development language, deployment platform, application framework, and other technologies. Quarterly content releases ensure you are always equipped to defend against the latest attacks and implement digital strategies securely.

  • Skill Level

    Fast track to excellence. Learning paths are sequenced such that each course builds upon concepts learned in previous ones. This ensures that security principles are understood before jumping into technology, language, or framework-specific courses.

    While there are a few outliers, courses generally fall into 3 levels:

    • 100 level – builds foundational “what needs to be done” knowledge with principle and awareness topics
    • 200 level – focuses on “how to do it” in specific languages, platforms, environments, and deployments
    • 300 level – advanced topics that warrant a deeper dive into a specific technology, methodology, or vulnerability
  • Spoken Language

    The following courses are available in Chinese (S), Spanish (LA), and French (CF):

    • OWASP Top Ten: Threats & Mitigations series (10 courses)
    • How to Test for the OWASP Top Ten series (10 courses)
    • Testing for CWE SANS Top 25 Software Errors
    • Secure Software Concepts
    • How to Perform a Security Code Review
Build any desired skill quickly

Purpose-Built Content: Customer and Industry Input

We maintain an open dialog with customers and solicit feedback on how to improve coverage, interactivity, and success.

Our research team actively consults with leading analysts, attends cutting-edge presentations at industry conferences, and interfaces with our own internal subject matter experts to ensure we’re always one step ahead of the threatscape.