Safeguard
Tag

security-training

Safeguard articles tagged "security-training" — guides, analysis, and best practices for software supply chain and application security.

9 articles

DevSecOps

Does gamification actually make security training work?

picoCTF drew 18,000+ participants in 2025, but research shows points and badges boost engagement far more reliably than they change security behavior.

Jul 15, 20266 min read
Best Practices

Running internal CTFs to build real security skills on engineering teams

picoCTF drew 39,000 players in 2019 across 160 countries — proof that gamified security training scales. Here's how to run the same model internally.

Jul 10, 20266 min read
Compliance & Frameworks

Mapping security training and roles to the NIST NICE Framework

NIST's NICE Framework sorts cybersecurity work into 7 categories and 52 work roles — most security teams have never mapped a single job description to it.

Jul 8, 20266 min read
Best Practices

Running Capture the Flag exercises for internal security training

DEF CON CTF has run since 1996, yet most engineering orgs still train security awareness with slide decks instead of the format that actually built the industry.

Jul 8, 20267 min read
Culture

Capture the Flag in Cybersecurity: How CTFs Build Real Skills

CTFs compress years of security intuition into weekends of deliberate practice. The main formats, what each one actually teaches, and how to start without getting demoralized.

Sep 9, 20255 min read
DevSecOps

Why Security Training Completion Rates Don't Predict Secu...

Completion rates measure attendance, not behavior. Here's why training checkboxes don't predict secure coding outcomes, and what to measure instead.

Jul 19, 20257 min read
Culture

CTF Cyber Security Competitions Worth Trying

A practical rundown of CTF cyber security formats and specific competitions worth an engineer's time, and how the skills transfer directly back to application security work.

Jun 24, 20255 min read
Guides

How to Run a Tabletop Exercise for a Supply Chain Breach

A 90-minute tabletop built on a compromised dependency scenario will expose more gaps than a year of policy reviews. Here is the full agenda, injects included.

Jul 11, 20246 min read
Best Practices

Security Awareness Training That Developers Don't Hate

Traditional security training is boring and ineffective. Here is how to build a training program developers actually engage with and learn from.

Feb 20, 20247 min read
security-training — Safeguard Blog