Training plan

Fluid Attacks maintains rigorous standards for its technical teams. The company conducts a training plan that its talent must complete to ensure they have the essential skills in secure coding and application testing. They are required to send their certificates of completion to the relevant staff. Additionally, Fluid Attacks offers a program to foster further professional development.

Pre-entry certification

Pentesters joining Fluid Attacks are required to complete a pre-entry certification to ensure that they meet the technical level demonstrated in the selection process. Fluid Attacks covers the full cost of two certifications related to web or mobile application testing. These certifications are chosen according to the talent’s profile and must be obtained within a 45-day period.

Secure code training

At Fluid Attacks, it is mandatory for talent from the development and pentesting teams to complete training on several secure coding practices, thus fostering their capabilities for recognizing and avoiding common vulnerabilities.

Secure code training focuses on teaching individuals how to write code that is not only functional but also secure from different types of cyber threats. The main goal of this training is to ensure that software is developed with security as a key part of it. Also, by learning secure coding practices, individuals can identify vulnerable and noncompliant code more efficiently. Software development projects using this approach reduce their vulnerabilities, enhance their overall security posture, and promote a culture of strong application security.

Fluid Attacks uses the training course Developing Secure Software (LFD121)  by The Linux Foundation, as its content covers important security topics that can be useful in Fluid Attacks’ context.

Some of the topics are the following:

• Security basics
• Secure design principles
• Reusing external software
• Input validation
• Processing data securely
• Threat modeling
• Cryptography

Code review training

Fluid Attacks’ pentesters are encouraged to complete code review exercises on different programming languages. The goal with this is to have an in-depth and continuous code review training with real vulnerabilities.

Fluid Attacks has chosen PentesterLab  as our code review training provider. They provide a comprehensive and up-to-date list of exercises that are based on real-world scenarios.

Further training

Additionally, in line with fostering a culture of continuous learning and professional development, all talent has voluntary access to Fluid Attacks’ Certification Hub  program. In this program, they can apply for support to access additional industry-related certifications they are interested in. This helps individuals to pursue specialized knowledge and enhance their expertise beyond the initial training requirements. Moreover, all talent completes awareness training  that has a six-month recurrence.

Compliance training

Fluid Attacks mandates that all employees in compliance-related roles undergo essential training on standards and regulations. This privacy and security role training is crucial for legal compliance and the accurate fulfillment of critical obligations. The topics covered in the training will be used based on each role’s responsibilities.

The training chosen to comply with the requirements below is:

• Diploma in GDPR and Data Protection 
• Data Protection Officer Training 

The roles requiring compliance-specific training are Incident Manager, Data Protection Officer (DPO), Legal Analyst, Information Security and Privacy Manager, and Human Resources Leader.

Other integrity measures

• Applicant evaluation 
• Awareness 
• Certification Hub 
• Certified cloud provider 
• Certified security analysts 
• Comprehensive reporting 
• Developing for integrity 
• Monitoring 
• Production data isolation 
• Secure emails 
• SLSA compliance 
• Standard timezone 
• Static website