security-training
Safeguard articles tagged "security-training" — guides, analysis, and best practices for software supply chain and application security.
9 articles
Does gamification actually make security training work?
picoCTF drew 18,000+ participants in 2025, but research shows points and badges boost engagement far more reliably than they change security behavior.
Running internal CTFs to build real security skills on engineering teams
picoCTF drew 39,000 players in 2019 across 160 countries — proof that gamified security training scales. Here's how to run the same model internally.
Mapping security training and roles to the NIST NICE Framework
NIST's NICE Framework sorts cybersecurity work into 7 categories and 52 work roles — most security teams have never mapped a single job description to it.
Running Capture the Flag exercises for internal security training
DEF CON CTF has run since 1996, yet most engineering orgs still train security awareness with slide decks instead of the format that actually built the industry.
Capture the Flag in Cybersecurity: How CTFs Build Real Skills
CTFs compress years of security intuition into weekends of deliberate practice. The main formats, what each one actually teaches, and how to start without getting demoralized.
Why Security Training Completion Rates Don't Predict Secu...
Completion rates measure attendance, not behavior. Here's why training checkboxes don't predict secure coding outcomes, and what to measure instead.
CTF Cyber Security Competitions Worth Trying
A practical rundown of CTF cyber security formats and specific competitions worth an engineer's time, and how the skills transfer directly back to application security work.
How to Run a Tabletop Exercise for a Supply Chain Breach
A 90-minute tabletop built on a compromised dependency scenario will expose more gaps than a year of policy reviews. Here is the full agenda, injects included.
Security Awareness Training That Developers Don't Hate
Traditional security training is boring and ineffective. Here is how to build a training program developers actually engage with and learn from.