As the security landscape continues to shift, it’s vital to continue to enhance protections in your organization’s products and services. Effective security leaders understand that a strong security posture doesn’t start and end with the security team, it must have commitment from the organization at large. This commitment takes passion and persistence, requiring security leaders to serve as advocates and educate colleagues from all parts of the company to help encourage a strong security culture.
At Adobe, this comes in the form of continuous education, events, and activities for all employees. Like many organizations, every employee is required to go through a mandatory annual security awareness training as best practices evolve with the ever-shifting threat landscape. However, our Security Training & Advancement Program takes this a step further, aiming not only to instill best practices in employees but also create and maintain embedded security champions throughout the organization, giving more technical employees—including engineers, product managers, program managers, and other interested team members—a deeper set of security skills to help ensure we lead with security-by-design.
Rather than a one-size-fits-all approach, education programming is tailored to account for employees’ specific job roles and technical knowledge—whether they’re an iOS developer, Android developer or software architect. We’ve also seen greater success in partnering with leading organizations like Security Compass and (ISC)² to help ensure our training program is not only focused on company-specific best practices but also aligned with broader industry standards. This can be a major incentive for participants as they can walk out of the Security Training & Advancement Program prepared to take the (ISC)² Software Security Practitioner Certification Exam, helping to build industry-certified credibility.
Beyond trainings, we also encourage organizations to use key moments like National Cybersecurity Awareness Month (NCSAM) to re-engage their larger employee base on cybersecurity and celebrate the incredible work the security team does. Every October, Adobe engages employees in events throughout the month, hosting speakers—including internal experts and industry guests—and organizing activities such as an annual internal bug bounty, an exploitation workshop and capture the flag activities. For our non-technical employees, we host events at different office locations that appeal to security best practices they can implement in their personal lives that will naturally carry over into their work life.
This year, we’re also launching a series of security awareness videos that bring these best practices to life in an entertaining and easy-to-understand format, making ongoing learning accessible and easy to share at offices across the globe.
NCSAM is a great opportunity to bring security to the forefront of your organization, but it’s important to keep your employees engaged year-round. Our own efforts have no doubt encouraged our employees to foster a strong security culture, and we’ve seen a growing interest in the work we do as a result. Building excitement around what some consider to be an intimidating topic can help foster security culture across your organization, and in turn, help enhance the safety of your customers and community.