Apr 23, 2015
If you aren’t careful, the costs of developer security training can quickly snowball. As well as the sticker price of security training, it’s essential to factor in the additional opportunity costs associated with training. These costs can vary hugely between classroom-style training, and eLearning courses – and to maximise your security training investment, it’s crucial to understand the real costs of developer security training.
Comparing Course Prices
Instructor-led courses typically take place over several days, in a classroom-style location, and cover a pre-determined course syllabus. Whilst this rigid model can ensure a good grounding in basic security principles, it fails to offer any degree of specialisation to suit your developers’ roles. With the additional overhead that comes with classroom training, these courses are usually markedly more expensive than eLearning courses – an additional cost which is worsened by the inclusion of potentially irrelevant topics.In contrast, eLearning typically uses a modular format, combining a handful of core modules with a wider selection of topical add-ons. These additional modules can be paid for on a case-by-case basis, ensuring that your organisation only pays for training that’s relevant to the developers taking it. This extra flexibility usually results in a lower cost, and greater relevance, than classroom-style training.
The Opportunity Costs of Classroom Training
Developers are highly skilled, and their time is a hugely valuable commodity. Any activity that takes developers away from the development environment will bring with it a very real set of opportunity costs, greater than the costs of their salary alone. This trade-off can make it very hard to justify security training, so it’s essential that training minimises the time developers are forced to take away from work.Classroom courses will often last two or three days, during which time developers will be completely detached from project work. In order to make courses as cost-effective as possible, it’s often necessary to enroll several developers at any one time. If you’re looking to enroll even half of your developers in a security course, this can quickly decimate your development team, and bring their current project to a standstill.eLearning courses can often be undertaken in shorter blocks, usually no more than a few hours in length. These shorter periods are much easier to fit in alongside project commitments, making it possible to gradually build up security knowledge without seriously impacting project work.In an increasingly fast-paced development environment, this means that organisations no longer have to block-off big chunks of time for security training – and don’t need to choose between the costs of poor security training, or the costs of delayed release dates.
Maximising the Return on Your Security Investment
All forms of developer security training incur some form of cost. In order to justify those costs, it’s essential that developers are receptive and engaged with security training, and willing to implement security practices into their day-to-day activities.Unfortunately, classroom-style courses can be a hard sell, especially to senior developers. With twenty, even thirty, years of experience, enrolling in an instructor-led course can feel like something of a regression; especially when that course can be detrimental to their primary goal of writing fast, effective, highly-functional code.eLearning courses can be more palatable, allowing developers to break security training down into smaller two or three hour chunks. Developers can complete the training on their terms without seeing their ‘day job’ suffer, and enjoy seeing their security knowledge grow in small but valuable increments. This can incentivise security training, and help developers fully engage with it – ensuring that every penny of your security training investment is put to good use.