Consistent application security (AppSec) training for a distributed developer workforce is always challenging. And with thousands of technology specialists working across a variety of time zones and geographies, Citi needed a cost-conscious alternative to traditional offsite instructor-led training.
“In 2014, when I came on board to manage the AppSec awareness and training program, we were looking at training for around 12,000 employees spread over 54 countries,” said Peigi Maides, vice president of AppSec awareness and the training program manager of Citi’s chief information security office. “As you can imagine, the logistics of sending instructors for in-person training was beyond challenging—visas, paperwork for their equipment, scheduling around things like monsoon season—in some cases it could take over three months just to make the arrangements.”
“Citi began working with Black Duck to address both those logistics concerns and the fact that not all our development staff were getting the benefit of instructor-led classes because of travel and time constraints. The solution we implemented was a new virtual webinar class format for instructor-led training.”
Black Duck's Instructor-Led Training courses are developed and taught by experts at the forefront of the software security field. Instructors are certified security professionals who have hands-on experience working directly with clients on their security challenges.
Organizations can choose traditional instructor-led training in which instructors travel to the location of the client’s choice. Geared to engage the students through group discussion and interactive hands-on labs that simulate real-world environments, the curriculum is designed to best complement the needs, interests, and experience level of the participants.
For organizations with a distributed workforce, participants can avoid travel and time away from the office using Black Duck's Virtual Instructor-Led Training. A cost conscious alternative for supporting employees’ professional development, Black Duck virtual training is delivered in short sessions to optimize participant engagement, and presented over consecutive working days or on a weekly basis, depending on the team’s preference.
“For Citi, virtual training wasn’t all that much of a stretch,” said Maides. “We already did many things virtually. In such a large organization, it isn’t unusual for team members to be scattered geographically. Few of us have all our teammates at the same location. Our application staff was a bit uncomfortable with extending the virtual concept to training at first; they were used to being in the same room with an instructor. So we spent time working on making sure the participants felt as engaged as if it were an in-person classroom. That’s what Black Duck helped bring to the table for Citi. They walked us through the training, ran test training sessions, and developed how we could do breakout sessions and use whiteboards virtually.”
In Citi’s case, the virtual webinar class format included hands-on labs, breakout groups, live demonstrations, whiteboarding, videos, and polling.
“The format that Citi and Black Duck developed offers a great opportunity for team training—dynamic collaboration among the attendees to apply knowledge to common situations and problems faced by the team,” said Maides. “The virtual courses are tailored to the demands of global time zones and offers convenient training to more Citi staff members. One of the proof points that the format works is that the virtual classes have had much higher attendee rates than our traditional onsite training. And of course, we’ve seen a big reduction in wasted time due to travel logistics.”
“The response to the virtual webinar class format has been great from our application managers, info sec officers, security architects, developers, mainframe programmers, and new hires. They like the fact that they can join the courses at the time that best fits their schedules, and that it’s simple to sign up and attend. The full-featured virtual classroom setup is almost the same as if they were physically in the same room with the instructor. Altogether, Black Duck did a great job.”
Citigroup Inc., informally known as Citi, is an American multinational investment bank and financial services corporation headquartered in New York City. Today Citi has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.
Black Duck Instructor-Led Courses are developed and taught by experts at the forefront of the software security field. Instructors are certified security professionals who have hands-on experience working directly with clients on security challenges. Companies with a distributed workforce can take advantage of Black Duck virtual training—live, instructor-led courses delivering in-depth training and online convenience.
Make software security training easy, relevant, and accessible
Learn about the 10 most common web and software app vulnerabilities
Download the reportLearn how to gain visibility and secure your apps across the enterprise
Download the white paperGet the trends and recommendations to help improve your software security program
Download the reportThree steps to consolidate your effort, insight, and tools
Download the guide