Security Awareness & Training

Providing education to staff is a preventative control to help reduce the likelihood of security issues surfacing within your environment. PrivSec provide general security training to staff, along with specific training to developers around secure coding. 

Phishing Simulations

We break down the traditional phishing engagement into distinct stages looking at the efficacy of different protections instead of working out simply if a phishing email is clicked on by a user or not. This approach allows you to better understand which parts of the chain need some work rather than simply knowing how many emails were clicked on.

Secure Code Training

PrivSec will come on site with your development team, or host you for the day, and provide you with a day of secure development training. This will cover:

• A detailed overview of the OWASP Top Ten Web Application vulnerabilities.
  
• Multiple real world examples and case studies of exploited vulnerabilities.
• Hands on experience exploiting these vulnerabilities on a custom web application
• Techniques and tooling to identify and exploit these bug classes, using both source code analysis and dynamic testing techniques.
• Remediation steps and techniques to mitigate and avoid these issues.

This is an interactive session, where your developers will come away with real world experience as to how to identify and exploit real security vulnerabilities.

NZISM Basics

We have a wide range of experience in All of Government audit processes, and in particular have a deep knowledge of the New Zealand Information Security Manual (NZISM). Our NZISM training covers the following:

• What the NZISM is
  
• How to read the NZISM
• The C&A process
• Roles & Responsibilities
• The key controls within the NZISM

This is a great way for project managers, architects and those new to the security field to get a solid basis on how to navigate the NZISM.