In 2015, I was tasked with creating and delivering a security curriculum for “any takers” from within our 1200+ global innovation organization at Pitney Bowes. This was part of a continuous learning initiative that included 10 different key technologies for Pitney Bowes.
Our approach was to utilize in-house experts to lead each technology topic, and to let individuals self-select the topic that was most interesting to them. As someone who is passionate about security, my main challenge was to develop a security course that is more than basic awareness — I wanted to make a difference! — but not so technical that you needed an advanced degree to understand it.
At Pitney Bowes, everyone is a craftsman of commerce. Within our global innovation team, we are developing and testing code that powers commerce applications. But we all have different skill sets. Some craft expert Java code. Some can craft performance tests. Others can craft solutions between physical and digital products.
In order to build a course that could appeal to these diverse skill sets, I used a study guide for the CompTIA Security+ certification. Since the book was used for a security certification, it covered all major topics including role-based access, encryption, network security, operating system security and business continuity planning.
If a participant wanted in-depth knowledge, they could obtain the certification. For those desiring basic knowledge, they could read the assigned chapters and then attend a monthly conversation that put these concepts in terms that were simple to understand. The depth of understanding was up to the student.
Once the class was halfway through the book, I assigned each participant a task to make a security improvement within their team.
The results were amazing!
Look at what some of the participants were able to accomplish…
- Two participants came from very different areas of the business: Postage Meter Rate Compliance and Location Intelligence. They compared notes on data security that is vital to each area and came up with best practices to follow.
- Do you wonder how security can impact user experience? One member of our globalization team organized a session with our Global User Experience team to share her course learnings, and to have me lead a discussion on security guidelines for user experience.
- One team member looked at the Acunetix tool and its capability to work in a continuous integration/continuous delivery environment.
- Open source code can have vulnerabilities. One participant made sure that his product’s open source components were up to date with the latest patches and worked on establishing a process to keep them current.
These are some examples of the projects that were completed. There were others around raising awareness, changing test methodologies, and analyzing the environment that were just as valuable as the ones I’ve mentioned.
While these participants learned a lot about security and how to apply it, I think that they taught us all an important lesson. You don’t need any specific skills to contribute to a security program. With just some awareness and an idea, you can make a difference.