Monday Dec 18, 2023

#160 - Secure Developer Training Programs (with Scott Russo) Part 1

In this episode of CISO Tradecraft, host G Mark Hardy invites Scott Russo, a cybersecurity and engineering expert for a deep dive into the creation and maintenance of secure developer training programs. Scott discusses the importance of hands-on engaging training and the intersection of cybersecurity with teaching and mentorship. Scott shares his experiences building a secure developer training program, emphasizing the importance of gamification, tiered training, showmanship, and real-world examples to foster engagement and efficient learning. Note this episode will continue in with a part two in the next episode

ISACA Event (10 Jan 2024) With G Mark Hardy -

Scott Russo -

HBR Balanced Scorecard -

Transcripts -

Youtube - 


  • 00:00 Introduction
  • 03:00 Overview of Secure Developer Training Program
  • 04:46 Motivation Behind Creating the Training Program
  • 06:03 Objectives of the Secure Developer Training Program
  • 07:45 Defining the Term 'Secure Developer'
  • 14:49 Keeping the Training Program Current and Engaging
  • 21:10 Real World Impact of the Training Program
  • 21:46 Understanding the Cybersecurity Budget Argument
  • 21:58 Incorporating Real World Examples into Training
  • 22:26 Personal Experiences and Stories in Training
  • 24:06 Industry Best Practices and Standards
  • 24:18 Aligning with OWASP Top 10
  • 25:53 Balancing OWASP Top 10 with Other Standards
  • 26:12 The Importance of Good Stories in Training
  • 26:32 Duration of the Training Program
  • 28:37 Resources Required for the Training Program
  • 32:23 Measuring the Effectiveness of the Training Program
  • 36:07 Gamification and Certifications in Training
  • 38:56 Tailoring Training to Different Levels of Experience
  • 41:03 Conclusion and Final Thoughts


Comments (0)

To leave or reply to comments, please download free Podbean or

No Comments

Copyright 2024 All rights reserved.

Podcast Powered By Podbean

Version: 20240320