Updating our Technical Security Training and Advancement Program

Compliance, Major Initiatives, Secure Product Lifecycle (SPLC)

Security training should no doubt be a critical investment for organizations, especially in the current landscape with threats becoming ever more sophisticated. As we grapple with this complex environment, it is vital for employees across an organization to understand security best practices to help ensure the organization’s products and services – and those that use them – are kept safe.

At Adobe, we pride ourselves on doing just that. As part of our dedication to continually developing a stronger security culture, we recently launched a refreshed version of our Adobe Security Training & Advancement Program. While all employees go through mandatory annual security awareness training and activities, this program is designed to give our more technical staff – including engineers, product managers, program managers, and other interested team members – deeper security knowledge through more advanced training. Since the launch of this updated program we have seen even greater overall participation by our technical teams as well as positive feedback on the enhancements.

The Security Training & Advancement Program operates similarly to martial arts belt advancement, starting with a Green Belt and advancing to Brown and then Black Belt. Each belt level denotes a higher level of individual security achievement. To help ensure that employees are getting the most out of the training, this refreshed program tailors different tracks to fit each employee’s specific job role and skillset.

Security Green Belt

At this level, certain employees are required to complete role-based e-learning modules. After enrolling, employees are given 90 days to complete the training, with periodic reminders throughout, so they don’t fall behind.

In addition to becoming more relevant and personalized, the training time has been cut down from approximately 21 hours to around 8-12 hours, without compromising quality and much-needed content coverage. This has been accomplished primarily by giving employees an option to “test out” of a particular module on topics they’ve already mastered by successfully completing an exam on the module content. This allows them to focus instead on topics they are less familiar with. To remain relevant in an ever-changing world of security, we update the trainings and provide new content on a regular basis to help reflect new material and keep employees updated on the most recent security best practices.

Adobe partnered with Security Compass and (ISC)² to help ensure that our training programs are not just focused on Adobe-specific security best practices but align with broader industry standards as part of our commitment to help keep our customers and community safe through our products and services. Upon completion, employees will not only have completed the Adobe Security Green Belt certification but will also be prepared to take and pass the (ISC)² Secure Software Practitioner (SSP) Certification. Adobe covers the cost of this certification as an employee benefit to encourage as many of our technical staff members as possible to complete the certification.

Security Brown and Black Belt

These belts are achieved through completing security tasks and projects that help further heighten Adobe’s overall security posture – for the company as a whole or for a specific product or service. Black and Brown Belts work with their management team to identify potential projects and develop a plan to complete them. The appropriate belt level is awarded upon successful completion and review of the project.

Through these Brown and Black Belt programs, our teams have completed more than 70,000 hours of security-focused engineering work that included projects and work within the greater security community.

Helping to Ensure Progress

In the previous version of our Security Training & Advancement Program, it was sometimes unclear how far employees were in the program as they progressed through their training and completed courses. This made it difficult to have visibility into belt status and to monitor progress. We have improved this process by integrating with our existing project management tools as well as our own e-learning solution, Adobe Captivate Prime. Custom dashboards help both employees and managers monitor progress.

Continuous Learning and Partnership

As part of our continued commitment to security, we now require that employees refresh the e-learning “Green Belt” training every three years. As the security landscape continues to shift and evolve, Adobe strives to keep our employees engaged and in-the-know about new content and skills.

This program refresh has helped heighten the organization’s security posture and has reinforced a culture of best practices. Employees who achieve the highest rank, Black Belt, will be recognized at an awards ceremony honoring their dedication. Employees at each belt level will also receive gifts such as stickers, hats, backpacks and t-shirts as they advance in the program, which we hope will inspire others to take part in such pivotal work. Through the efforts and success of the Adobe Security Training & Advancement Program, we have no doubt that our employees will continue to foster a culture of security excellence, helping to ensure the safety of our customers and community.

Isaac Painter
Security Training & Advancement Program Lead

Posted on 08-29-2019