Security Innovation CMD+CTRL

CMD+CTRL is a training program offered by Security Innovation, Inc. that focuses on software security. According to the vendor, it aims to upskill the cybersecurity talent of organizations by providing customized training based on roles, preferred technology, and experience level. The program is suitable for organizations of all sizes and caters to a wide range of professions including software developers, architects, administrators, engineers, analysts, and managers. It is said to be widely adopted across industries such as technology, finance, healthcare, government, and retail.

Key Features

CMD+CTRL Base Camp: According to the vendor, this feature offers customized training based on role, preferred technology, and experience level. It provides varied learning experiences to increase engagement and ingrain new knowledge and behavior. The training is structured around key enterprise/learner goals and objectives and includes every learning module in the CMD+CTRL Knowledge Library.

Courses: The vendor claims to offer over 240 courses geared towards all roles and skill levels across the software development lifecycle (SDLC). These courses cover various types of software, including cloud, web, mobile, IoT, embedded, and blockchain. They address every phase of the SDLC, from requirements to maintenance, and methodologies like DevOps and Agile. The courses also cover different ingredients of software, such as native code, APIs, open-source, COTS, libraries, and frameworks.

Labs: According to the vendor, this feature reinforces training and provides practical, guided scenarios with over 100 available labs. Learn Labs focus on identifying common application security vulnerabilities and understanding their impacts, while Skill Labs provide technical exercises to modernize software development teams' security skills, including attacker techniques and secure coding.

Cyber Range: The vendor describes this feature as ultrarealistic ranges designed to inspire and challenge the entire team. These pre-configured environments represent web sites, cloud platforms, and complex mobile and Single-Page Applications (SPA). Players can find information disclosures, probe the tech stack, and search for vulnerabilities. Points are awarded for successful exploits, and the dashboard provides insights into completed and unsolved challenges, hints used, and performance.

SI-CSC Certification: According to the vendor, this feature is the industry's top certification for secure software development. It recognizes and distinguishes employees who demonstrate high-level software security competencies. The certification is said to motivate every role and skill level across the SDLC while reducing organizational risk by ensuring employees have the right knowledge and skills. It is presented as a verifiable and measurable way to demonstrate commitment to the profession.

Learning Paths: The vendor states that learning paths are designed for different job roles, tech stacks, and skill levels. The content is based on NIST's NICE workforce framework and mapped to other standards and guidelines. The vendor claims that sequenced courses build foundational knowledge and progress to advanced topics. Learning paths are available in multiple languages, including Chinese, Spanish, and French.

Reporting: According to the vendor, automated reporting dashboards provide insights at the individual and group level. Reports include total scores, vulnerabilities found, hints used, and recommendations. They help baseline staff competency, track improvement over time, map performance to focused training plans, and identify talents and additional training requirements.