Training Course Updates

Q3 2023 Release

July 2023

Security Innovation is proud to add a combined twenty-one new courses and labs to the CMD+CTRL training catalog for Q3 2023. Concentrating primarily on NICE Framework Work Roles such as Software Developer, Network Operations Specialist, amongst several others; all new content will be available to learners on July 25, 2023. Focuses include Secure Software Development, Infrastructure Design, Systems Integration, Risk Management, Vulnerability Assessment, and several others.

This content release includes:

• (12) IDE Code Correct Skill Labs
• (2) MITRE ATT&CK Skill Labs
• (3) Vulnerability Identification Learn Labs
• (4) New Courses
• (2) Updated Courses

In addition, we’ve deprecated one course based on Oracles announcement of their own deprecation of Java Security Manager.

NEW SKILL LABS

Our twelve new secure coding Skill Labs are available only in CMD+CTRL Base Camp and use an IDE to both find and correct insecure code based on vulnerabilities related to credential storage, input validation, and forced browsing.

Additionally, we are introducing two new labs based on techniques used by adversaries related to execute both Network Service Discovery and Software Discovery techniques as described by the MITRE ATT&CK® Framework.

NEW LEARN LABS

Learn Labs are fun, bite-sized simulations that sharpen the software security skills of your entire team. They’ll identify common application security vulnerabilities, understand their impacts, and exploit them all from the attacker’s point of view.
Consistent with Security Innovation’s overarching “Beyond the Code” mantra, Learn Labs keep organizations safe by highlighting vulnerabilities that can be recognized by most anyone involved in the SDLC — not just those closest to the code. Our focus this quarter is on vulnerabilities that can be found on a Cloud Infrastructure and Cloud-Native Applications.

NEW COURSES

As always, CMD+CTRL courses grant learners a foundational understanding of the latest issues faced by software development organizations. This quarter we focus on areas such as leveraging Artificial Intelligence, Cyber-Supply Chain Risk Management, Infrastructure-as-Code Security, and Java Programming.

UPDATED COURSES

The following are essential courses to our Java learning content. Each course has been updated to meet current graphic, interaction, and instructional design standards. Content has been changed to reflect any changes to the technology; platforms; products; or compliance requirements that may have occurred since release of the prior course version. For a detailed list of changes to each course please contact your Customer Success Manager directly.

Q2 2023 Release

April 2023

Security Innovation is proud to add a combined twenty-one new courses and labs to the CMD+CTRL training catalog for Q2 2023. Available to learners on April 25, 2023, our new training content focuses on areas such as Secure Software Development, Infrastructure Design, Systems Integration, Risk Management, and Vulnerability Assessment.

This content release includes:

• (12) IDE Code Correct Skill Labs
• (2) MITRE ATT&CK Skill Labs
• (4) Vulnerability Identification Learn Labs
• (3) New Courses

In addition, we’ve reworked 6 courses to meet Security Innovation instructional design standards and eliminate redundancies.

NEW SKILL LABS

Our twelve new secure coding Skill Labs are available only in CMD+CTRL Base Camp and use an IDE to both find and correct insecure code based on vulnerabilities related to credential storage, input validation, and forced browsing.

Additionally, we are introducing two new labs based on techniques used by adversaries related to execute both Discovery and Command and Control tactics as described by the MITRE ATT&CK Framework.

NEW LEARN LABS

Learn Labs are fun, bite-sized simulations that sharpen the software security skills of your entire team. They’ll identify common application security vulnerabilities, understand their impacts, and exploit them all from the attacker’s point of view.

Consistent with Security Innovation’s overarching “Beyond the Code” mantra, Learn Labs keep organizations safe by highlighting vulnerabilities that can be recognized by most anyone involved in the SDLC — not just those closest to the code. Our focus this quarter is on vulnerabilities that can be found on a Cloud Infrastructure and Cloud-Native Applications.

NEW COURSES

As always, CMD+CTRL courses grant learners a foundational understanding of the latest issues faced by software development organizations. This quarter we focus on areas such as leveraging serverless computing and backend-as-a-service.

UPDATED COURSES

The following courses have been updated to meet current instructional design standards and eliminate redundancies.

Course Language Localization

The following courses have been localized to French Canadian and will be available in the CMD+CTRL online learning catalog on April 25, 2023. Each course will be accessible via all Security Innovation Hosting Platforms (SI Shared & Dedicated Portals) and SCORM Cloud Services.

• COD 102 Challenges in Application Security
• COD 103 Creating Software Security Requirements
• COD 104 Designing Secure Software
• COD 105 Secure Software Development
• COD 106 The Importance of Software Integration and Testing
• COD 107 Secure Software Deployment
• COD 108 Software Operations and Maintenance

Q1 2023 Release

January 2023

Security Innovation is proud to add 20 courses and labs to the CMD+CTRL training catalog in Q1 2023, concentrating primarily on Enterprise System Architecture, Secure Software Development, and Vulnerability Assessment.

New content includes:

• (12) IDE Code Correct Skill Labs
• (2) MITRE ATT&CK Skill Labs
• (2) Vulnerability Identification Learn Labs
• (4) New Courses

In addition, four courses have been reworked to meet Security Innovation’s instructional design standards and eliminate redundant topics.

This release incorporates the recent introduction of CMD+CTRL Labs, which reinforces computer-based training courses by guiding your team through practical, hands-on exercises. Each of these “simulations” provides learners with vivid examples of real-world threat scenarios, then helps transform those experiences into tangible skills they can apply every day.

NEW SKILL LABS

Skill Labs are technical exercises designed to modernize your software development teams’ security skills. Skill labs give coders the tools to respond to and fix software security issues in safe, simulated environments.

This quarter, we’ll show you how error messages can reveal sensitive information to potential attackers. We’ve also developed several labs utilizing the MITRE ATT&CK® framework to reveal techniques that attackers use to identify the target’s network services and shares, create user accounts, and find unsecured credentials – so you can guard against them in the future.

NEW LEARN LABS

Learn Labs are fun, bite-sized simulations that sharpen the software security skills of your entire team. They’ll identify common application security vulnerabilities, understand their impacts, and exploit them all from the attacker’s point of view.

This quarter, learners will use Learn Labs to identify potential weaknesses in your applications, such as identifying when changing a password is a bit too easy or how failure to adequately monitor security logs can lead to problems.

NEW COURSES

The following courses will be added to the CMD+CTRL online learning catalog concentrating on Enterprise System Architecture, Secure Software Development, and Incident Response. Each course will be accessible via all Security Innovation Hosting Platforms (Base Camp, SI Shared, and Dedicated Portals) and SCORM Cloud Services.

As always, CMD+CTRL courses grant learners a foundational understanding of the latest issues faced by today’s software development organizations. This quarter, we pay special attention to securing hybrid cloud environments and how APIs can expose information about your network topology. We also introduce the concept of Threat Hunting: using security frameworks to identify stealthy attackers that have already slipped past your initial security defenses.

UPDATED COURSES

The following courses are part of the Secure Enterprise Infrastructure Series. Each course has been updated to meet current instructional design standards, with knowledge checks replaced by learner interactions.

Q4 2022 Release

October 2022

Security Innovation is proud to add 15+ courses and labs to the CMD+CTRL training catalog in Q4 2022 concentrating primarily in areas such as Enterprise System Architecture, Secure Software Development and Vulnerability Assessment.

New content includes:

• (4) IDE Code Correct Skill Labs
• (4) MITRE ATT&CK Skill Labs
• (4) Vulnerability Identification Learn Labs
• (5) New Courses

In addition, 7 courses have been reworked to meet Security Innovation instructional design standards and eliminate redundant topics.

This release incorporates the recent introduction of CMD+CTRL Labs, which reinforce computer-based training courses by guiding your team through practical, hands-on exercises. Each of these “simulations” provide learners with vivid examples of real-world threat scenarios, then helps transform those experiences into tangible skills they can apply every day.

NEW SKILL LABS

Skill Labs are technical exercises designed to modernize your software development teams’ security skills. Skill labs give coders the tools they need to both respond to, and fix, software security issues – in safe, simulated environments.

This quarter, we’ll show you how error messages can reveal sensitive information to potential attackers. We’ve also developed several labs utilizing the MITRE ATT&CK® framework to reveal techniques that attackers use to identify the target’s network services and shares, create user accounts, and find unsecured credentials – so you can guard against them in future.

NEW LEARN LABS

Learn Labs are fun, bite-sized simulations that sharpen the software security skills of your entire team. They’ll identify common application security vulnerabilities, understand their impacts, and exploit them — all from the attacker’s point of view.

This quarter, learners will use Labs to identify potential weaknesses in your applications, such as identifying when changing a password is a bit too easy, or how failure to properly monitor security logs can lead to problems.

NEW COURSES

The following courses will be added to the CMD+CTRL online learning catalog concentrating in areas such as Enterprise System Architecture, Secure Software Development and Incident Response. Each course will be accessible via all Security Innovation Hosting Platforms (SI Shared & Dedicated Portals) and SCORM Cloud Services.

As always, CMD+CTRL courses grant learners a foundational understanding of the latest issues being faced by today’s software development organizations. This quarter, we pay special attention to securing hybrid cloud environments and how APIs can expose information about your network topology. We also introduce the concept of Threat Hunting: using security frameworks to identify stealthy attackers that have already slipped past your initial security defenses.

UPDATED COURSES

The following courses are part of the Secure Software Development Series. Each course has been updated to meet current instructional design standards with knowledge checks replaced by learner interactions.

Q3 2022 Release

July 2022

Security Innovation’s July release incorporates the recent introduction of CMD+CTRL Labs, which reinforce computer-based training courses by guiding your team through practical, hands-on exercises. Each of these “simulations” provide learners with vivid examples of real-world threat scenarios, then helps transform those experiences into tangible skills they can apply every day.

Our training program helps secure your software – and your organization – by offering two distinct lab types: Skill Labs and Learn Labs.

NEW SKILL LABS

Skill Labs are technical exercises designed to modernize your software development teams’ security skills. Skill labs give learners the tools they need to both respond to, and fix, software security issues – in safe, simulated environments.

New Skill Labs for Q2 2022 incorporate a virtual IDE to find and fix insecure code:

NEW LEARN LABS

Learn Labs are fun, bite-sized simulations that sharpen the software security skills of your entire team. They’ll identify common application security vulnerabilities, understand their impacts, and exploit them — all from the attacker’s point of view. Hints and guidance are based on each participant’s level of competency – and begin to build both an offensive and defensive mindset.

NEW COURSES

The following courses will be added to the CMD+CTRL online learning catalog concentrating in areas such as Enterprise System Architecture, Secure Software Development and Incident Response, will become available July 29, 2022. Each course will be accessible via all Security Innovation Hosting Platforms (SI Shared & Dedicated Portals) and SCORM Cloud Services.

As always, CMD+CTRL courses grant learners a foundational understanding of the latest issues being faced by today’s software development organizations.

UPDATED COURSES

These 3 courses have been completely reworked to accommodate changes introduced in the OWASP Top 10 framework when the 2017 Top 10 was replaced by the updated 2021 version.

Q2 2022 Release

April 2022

Security Innovation’s April release incorporates the introduction of a completely new type of learning experience, SKILL LABS, which is available only for the new CMD+CTRL Base Camp platform. CMD+CTRL Skill Labs utilizes virtual machines to enable completely realistic environments which are appropriate for Intermediate to Advanced-level developers and cybersecurity professionals.

Many of these new Skill Labs concentrate on the use of an emulated IDE to both find and fix insecure code, while others use the MiTRE ATT&CK Framework to help defenders learn to choose appropriate defensive strategies when dealing with cyber-attacks.

Continuing down the path of vulnerability identification, Security Innovation has prioritized seven additional labs to help learners to step up their cybersecurity abilities.

NEW SKILL LABS

UPDATED LEARN LABS

The following Learn Labs finalizes the transition we began in Q1 from the OWASP 2017 standard to the latest 2021 standard. They also align with the latest OWASP 2021 Testing and Mitigations series and challenges found in the CMD+CTRL Cyber Ranges. Finally, we added coverage for Cloud & API vulnerabilities according to CSA Top 11 and OWASP API Top 10.

UPDATED COURSES

The following courses featuring updates to the latest 2021 OWASP Top 10 standard are now accessible via all Security Innovation Hosting Platforms (SI Shared & Dedicated Portals) and SCORM Cloud Services.

Supplementary updates on May 31

Q1 2022 Release

February 2022

In 2022, Security Innovation plans to ramp up the use of labs in our training program, as it has proven to be an effective (and popular) way to reinforce the concepts introduced in our online training courses.

Our first series of labs, released in October of 2021, helped learners to tap into the mindset of an attacker by helping them to recognize common code vulnerabilities. These first labs were based on the industry guidelines provided by OWASP – a non-profit foundation dedicated to improving the security of software.

Continuing down the path of vulnerability identification, Security Innovation has prioritized seven additional labs to help learners to step up their cybersecurity abilities.

NEW LEARN LABS

Q4 2021 Release

October 2021

Our Q4 update consist of new content focused on vulnerability identification techniques, secure Infrastructure-as-Code (IaC) deployments, web API and Cloud Service best practices, and cloud penetration testing. New learning experiences build in-demand skills while establishing a real-world connection that accounts for exposure to cyber-attacks, disruption, interruption, and many other impacts.

Q3 2021 Release

July 2021

Our Q3 update includes new and updated courses focused on Cloud Best Practices for Enterprise organizations, as well as attack and test techniques that teams need to safeguard their software and infrastructure – all while using the Google Cloud Platform.

Q2 2021 Release

April 2021

Our release this quarter focuses on two areas:

Our Q2 update entails a lot of new and updated content focusing on attack and test techniques teams need to safeguard their software and infrastructure.

Addition of MiTRE ATT&CK Framework coverage to understand attack techniques on software systems and infrastructure.

“Shift Right” to examine exposure points from an external perspective and defend applications, servers, systems, networks, and data from malicious attacks.

Consolidated related OWASP and CWE content based on the evolvement of new risks, weaknesses, vulnerabilities, and exploit techniques to eliminate redundancy.

Identify and eliminate vulnerabilities during development to keep pace as development teams take on more test functions with a new genre of courses; Software Development Testing (SDT).

Q1 2021 Release

January 2021

Our release this quarter focuses on two areas:

Enhanced coding interactions: make it easier to distill complex topics and commit knowledge to memory
Emerging Technologies: learn object-oriented and scripting languages that are quickly becoming industry mainstays
DevSecOps Practices: master tools and methods that calibrate agility with security
Secure Coding Interactivity: challenge developers to find and fix vulnerabilities in code based on learned knowledge.