NEW RESOURCES

2024 Cybersecurity Awareness Month Kit

About this kit:

This Cybersecurity Awareness Month we created a DevSecOps Hero Kit that will make sure you are ready to enable both your Security and Development teams to build more secure code without sacrificing velocity or agility.

How to use it:

Follow the steps for each week. We’ve provided free learning resources in each of the weekly tabs, including modules, emails, and other content.

We encourage you to use one of our themed backgrounds found here in each weekly tab!

Click on each tab to get the full week-by-week curriculum and view the assets. Need some help figuring out how to use the kit at your company? Sign up here for a consultation.

WEEK ONE

DevSecOps Fundamentals

Kick off your program and launch Cybersecurity Awareness Month with a training module that covers the basics of DevSecOps.

Enhance your kickoff meeting by using one of our themed virtual backgrounds. Inform attendees that they will receive weekly emails with links to the cybersecurity materials.

P.S. Want to get everything scheduled in advance so you don’t have to worry about the next crisis derailing your DevSecOps heroes? Here’s how to do it for Gmail, Exchange & O365.

Day 1: Send Your First Email

Subject: Welcome to DevSecOps Awareness Month!

October is Cybersecurity Awareness Month, and this October we’re making it DevSecOps Awareness Month. While the term DevSecOps is nothing new to any of us, this is still an ongoing transformation, so we want to make sure all teams – security and development alike – have a strong foundation as we integrate security into the SDLC to build better organizational resilience, without sacrificing velocity or agility.

And with that, this week will be back to basics. Our first module will cover the Fundamentals of DevSecOps, from a brief history to understanding security defects and how to adopt a security mindset without having to become a security expert. Additional resources are available at the end of the module.

You can view the presentation of the module here, or take yourself through the slides directly here.

Thank you for your attention and commitment to building cyber-resilient software.

- Your Friendly Neighborhood DevSecOps Champion

Day 4: Tip Email

Subject: DevSecOps Tip of the Week: Using CWEs

Hello Team,

Vulnerabilities are not just lines of code found by a scanner; they can also be misconfigurations or even just poorly applied logic. This is where the Common Weakness Enumeration (CWE) can be used to improve secure coding: integrate it into your development process to proactively address common security issues, reducing the chances of introducing vulnerabilities early in the development cycle.

  • Reference CWE during development: Use the CWE list as a guide to common vulnerabilities relevant to your project.
  • Create a security checklist: Identify key CWEs, like input validation flaws and authentication weaknesses, and use them during code reviews.
  • Proactively address issues: Tackle security weaknesses early in development to reduce vulnerabilities.
  • Incorporate CWE into tools: Integrate CWE references into static analysis tools for automated detection of security flaws.

Challenge Yourself: Read about CWE-862: Missing Authorization and think about a recent project. Was the code missing authorization? How could you have prevented it?

Haven’t had a chance to review this week’s module yet? It’s not too late – get it here.

WEEK TWO

Vulnerability Management

In Week 2, we’ll introduce the importance of integrating security into the SDLC with a focus on not just how it benefits security teams, but also development teams with improved productivity and fewer security surprises.

Day 7

Subject: Managing Vulnerabilities like Bugs

Team -

Now that you have your DevSecOps legs under you, this week, we’re diving into how to manage vulnerabilities as part of the development workflow. Vulnerability management is not all or nothing, but rather understanding which 5% must be fixed, the other 15% that can be fixed later, and the remaining 80% that needs to be monitored – not much different than managing bugs in a backlog.

When you understand how to do risk-based vulnerability management, security is no longer noise in the SDLC, but rather an asset in ensuring on-time, on-budget, on-spec delivery. Find out more in this week’s module here.

In addition, check out this list of 10 common types of vulnerabilities.

Day 10

Subject: Rescoring Vulnerabilities

Did you know that you can rescore vulnerabilities based on what your priorities are for an application? This helps you prioritize your security backlog based on the needs of the business and the application.

Challenge: Find a recent vulnerability either from one of your tests, or in the recently reported section on the NVD, and pull it up in the National Vulnerability Database here: NVD - Home (nist.gov). Click on the Base Score indicator – this will take you to the CVSS calculator. Change the Environmental Score Metrics and see how the score changes. Would you still fix it or just monitor it?

WEEK THREE

Integrating Security into the DevOps Workflow

Welcome to Week 3 of the DevSecOps Hero Kit! This week, we dive into Integrating Security into the DevOps Workflow—a crucial step in building secure, resilient applications.

As software development teams move faster than ever, security must move just as quickly to keep up. In this module, we’ll explore strategies for identifying and managing vulnerabilities throughout the software development lifecycle (SDLC), without sacrificing agility or user experience. By embracing a DevSecOps mindset, you’ll learn how to weave security seamlessly into your DevOps pipeline, ensuring continuous protection and compliance at every stage.

Week 3 Email

Congratulations on making it to Week 3 of DevSecOps Awareness Month! Your dedication and active participation in learning and fostering a security-first development mindset is the first step in achieving the promise of DevSecOps.

This week, we’ll focus on how to bring all the Dev, Sec, & Ops pieces together to bridge the gap between security and development teams so that you can get more secure software without sacrificing velocity or agility.

Day 14

Subject: Integrated Security doesn’t Mean Sacrificing Velocity or Agility

Team -

Our final module this week takes a deep dive into improving collaboration between development and security teams. In software development, the success of DevSecOps depends heavily on the ability of Dev and Sec teams to work together. This module focuses on breaking down silos, fostering a shared responsibility model, and ensuring security is seamlessly integrated into the development process without hindering innovation.

We’re excited to introduce our final module, focusing on Improving Collaboration Between Development and Security Teams. This module explores how Dev and Sec teams can break down silos and work together seamlessly to integrate security into the development process. You can view it here.

Day 17: Tip Email

Subject: Try on a new pair of DevSecOps shoes

Automation is great, but so is talking. 

Challenge: Put yourself in the other team’s shoes. If you’re in Development, grab a colleague from Security or if you’re in Security, grab a colleague from Development for a 30 minute conversation and ask them what their day to day is like, and then share yours. Time box the conversations – 10 minutes for you, 10 minutes for your colleague, and 10 minutes to brainstorm 1 way you could engage each other in your existing workflows.

WEEK FOUR

As we conclude DevSecOps Awareness Month, it’s time to celebrate the DevSecOps heroes you’ve made this month! And what better way to do that than with a party.

Elevation of Privilege is a threat-modelling card game that takes the principles your team has learned over the last 3 weeks and allows them to apply those principles in various scenarios. Easy to play remotely or in-person, Elevation of Privilege is a fun way to turn all these lessons into a lifelong, security-integrated development mindset.

Have you not had the chance to play EoP yourself? Sign up for Wabbi’s community EoP game on October 24th at 4PM ET here. You’ll receive a physical set of cards and Wabbi koozie puffer to keep your beverage cozy with these fall-ing temps. Need a prize for your winner? Reach out to Wabbi and we’ll coordinate an option with you!

Join Us for Elevation of Privilege

Day 21

Subject: Wrapping Up DevSecOps Awareness Month – Let’s Party

Hello Team,

We hope you've been making the most of the DevSecOps resources we've shared over the past few weeks. These resources will continue to be available to you, but don’t ever hesitate to reach out if I can be a resource as well.

To celebrate a month of great progress in building a DevSecOps culture, we’ll be hosting an Elevation of Privilege game, which will allow you to apply the fundamentals of the last weeks in a fun, easy-to-understand way – and a chance to bond with your fellow DevSecOps heroes.

We’ll of course take some time to review key takeaways from the month, and I’d love to hear what was most helpful and where we could improve in the future. But of course, don’t hesitate to reach out directly with any comments or questions as well.

Thanks for your participation! I hope to see you on the [insert date and time here]
