Home / Client Cases / Increased competence through Security Trainings

Increased competence through Security Trainings

Summary

Zacco was approached by a telecom regulatory agency that is responsible for facilitating provision of advanced and adequate telecommunication services at affordable prices creating an appropriate atmosphere to encourage fair competition, using frequencies effectively, localization of telecommunication technology and managing recent advancements in the country.  

The client security department had identified training requirements in the area of secure software development/ DevSecOps and Malware Analysis and Reverse engineering. Recognizing Zacco’s capability in these areas, Zacco was selected for these advanced training courses. 

Business Issue 

The client develops and uses various software solutions as part of its key business operations. There were numerous security vulnerabilities that were being identified during security assessment and audits. The audit finding has referred to the lack of secure coding knowledge with developers as well inability of integrating security into the organization’s DevOps cycle. 

Another major challenge faced by the Internal Security Operations Centre of the agency was that of lack of knowledge and skills in analyzing malwares and taking rapid actions for incident containment. The lack of skills and knowledge was reflecting in the time taken to respond to malware based advanced attacks.  

Challenge 

Some of the key challenges that Zacco addressed: 

  • Lack of overall knowledge about security within the development and DevOps team¬†¬†
  • Lack of knowledge and skills in embedding security within the DevOps pipelines and in secure coding¬†¬†
  • Lack of knowledge in static and dynamic sandboxing, analyzing malware families and strains,¬†de-obfuscation and reverse engineering¬†¬†

Solution 

Zacco conducted a twofold corporate training program for the agency. This included: 

  • Secure Code Development and DevSecOps Training:¬†The training¬†was focused on coaching¬†the developers, database administrators, system analysts¬†and architects to¬†understand¬†security¬†issues in coding and¬†start integrating¬†security tools right into the Integrated Development Environment. The program¬†included topics such as fundamentals of application security, secure software development cycle, threat modeling, source code audit, application exploit labs and embedding security in DevOps pipeline¬†¬†
  • Malware Analysis and Reverse Engineering:¬†The training was focused on¬†enabling the¬†first incident responders at Security Operation Centre of the agency¬†to respond effectively during the golden hour. The course included topics such as General malware analysis, basics of Windows internals, static analysis, advanced static analysis, dynamic analysis, Network and system forensic primer and Live Malware analysis labs.¬†

Zacco rolled out the follow up materials and courses on its eLearning platform so that client’s employees can revisit any topic of their choice that they learned at any time.¬†

Business Benefit 

Zacco had identified the exact weakness on the capabilities of the employees¬†and with the tailored courses ensured that the exact weakness is addressed.¬†Due to the training courses, the client has now started¬†embedding security within their DevOps pipeline. The client’s Security operations¬†centre-team is also able to respond swiftly to all malware-related incidents in an effective and efficient way. ¬†