Certification Hub

Definition

Certification Hub is a Fluid Attacks program that promotes the professional growth of talent by supporting them in the study of programs related to the roles that they perform. For Fluid Attacks’ security analysts, the focus of the certifications is application security (AppSec).

Components

Fluid Attacks offers two types of benefits in this program. Talents have the possibility of requesting one or both types for the same certification.

Money

Fluid Attacks offers to pay for both the exam and the lab (where applicable), if necessary. The cost of the certification is covered with a 48-month retention period. In the event that either party decides to withdraw before the established time, the remaining time will be debited financially.

Time

Fluid Attacks offers a dedicated period of time for the study of the certification. This means that the talent is relieved of their workload so that they can dedicate themselves entirely to their certification. The duration of this benefit will depend on the attributes of the certification to be carried out.

Rules

• Dedicated time is managed by order of request and according to operational capacity.
• Talents who are on dedicated time must complete the progress report  form.
• All time invested in certification, whether working time or not, must be reported in Time Doctor under F/Entrenar - Certificacion.
• Once talent completes the study material, they must take the exam within the next three to six months, depending on the complexity of the certification.
• In case of retaking the certification, this retake must be presented within the following three to six months, depending on the complexity of the certification.
• Talent must not have another certification in progress when requesting a new one.

Application

To apply to the program, talents must send a request email to Fluid Attacks’ Administrative Director at apabon@fluidattacks.com with the following information:

• What certification do they wish to take
• If this certification requires a lab and voucher
• Approximate date on which they will take the exam
• Whether they need dedicated time, and if so, how much time

The request goes to the approval group. Once this process is completed, the HR Analyst will notify the applicant of the final decision and, in case the request has been approved, schedule the purchase. The talent must provide their credentials in the certification application to the Administrative area for the purchase and sign the promissory note.

Outcome

Fluid Attacks is deeply invested in the professional growth and development of its talent. The Certification Hub program exemplifies this commitment by providing talent with the resources and support necessary to attain industry-recognized certifications. Beyond individual development, the program directly contributes to the enhancement of service quality. By fostering a culture of continuous learning and expertise, Fluid Attacks ensures that its talent possess the most up-to-date knowledge, skills and tool usage , translating into more accurate vulnerability assessments for clients.

Furthermore, successful certification attainment is recognized as a significant achievement and a testament to the rigorous standards upheld by Fluid Attacks. The offensive security certifications earned by pentesters currently at Fluid Attacks are showcased on the company’s Certifications page , serving as a transparent demonstration of commitment to quality. When a pentester earns a certification not present on the page, it is promptly added. If that pentester leaves the company and no other pentester holds the same certification, it is then removed.

Other integrity measures

• Applicant evaluation 
• Awareness 
• Certified cloud provider 
• Certified security analysts 
• Comprehensive reporting 
• Developing for integrity 
• Monitoring 
• Production data isolation 
• Secure emails 
• SLSA compliance 
• Standard timezone 
• Static website 
• Training plan