FAQs

Why choose SafeStack

  • We created SafeStack because we believe everyone has the right to do what matters to them safely and securely, and we want to make cyber security and privacy skills a superpower anyone can have, whatever their role or organization size.

    Our training is flexible, people-focused, and created by industry experts. It’s easy to roll out to everyone who needs it, and because it’s ongoing, learners can maintain momentum and keep their skills and knowledge sharp as the online environment changes. You can get started on our Free plan whenever you’re ready.

    Our programs each have their own focus, but they’ll all help you manage your risk in a way that involves and empowers your team. Everyone has a part to play in staying safe online, and SafeStack will help your team grow their cyber security and privacy superpowers.

    Secure Development

    This program gives your development team the skills they need to build cyber security into their entire software development lifecycle (SDLC).

    This helps your organization in a couple of key ways.

    • Cyber security becomes a shared responsibility, making you less reliant on security specialists.

    • Cyber security is woven throughout your SDLC, helping you avoid the pain and expense of not finding out about security issues until you’re in the implementation phase.

    Security Awareness

    Cyber security has an impact on every organization, big or small — and security awareness education doesn’t need to be out of reach just because you don’t have a dedicated security or learning and development team.

    This program makes it easy for smaller organizations to build their cyber security knowledge and skills, and the bite-sized courses — between 5 and 12 minutes long — are short enough that your team can fit them around whatever else they need to do, no sweat.

  • When it comes to cyber security and privacy, we all have a responsibility to keep our skills up to date as the world around us changes.

    We’ve made our programs ongoing so our learners can top up their skills as needed, and so we can be sure to provide the content that’s most relevant.

    Adding new courses throughout the year helps our learners think of good cyber security and privacy behaviors as a daily practice, which they can cultivate by building a toolkit of skills and approaches that empower them to stay safe.

  • A healthy cyber security culture is one where everyone on your team feels supported, empowered, and engaged in learning about security, and where each person plays their part in keeping your people, systems, and data safe.

    We care enormously about helping organizations build cyber security cultures, and we use different elements of our programs to do that.

    Secure Development

    Community connection is a key aspect of this program, and your learners will become part of the security community we’re helping to build and cultivate.

    Every paid membership includes access to:

    • The SafeStack Community, a purpose-built online platform designed to support peer-to-peer collaboration.

    • Monthly online seminars on a range of secure development topics, where learners can connect with each other and our team.

    Security Awareness

    We’ll help you build a cyber security culture in your organization by providing you with extra support each time we release a new course.

    As a member of this program, you’ll receive:

    • Advance details of the next course to be released, including the topic, key messages, and key learning actions.

    • Suggested activities, plus articles to read and share with your team.

    • Suggested tools and controls your team can use to turn what they’re learning into new behaviors.

  • We’re confident they will! Here’s some more about what they can expect.

    Secure Development

    This program features:

    • Self-directed interactive learning in video format with closed captions.

    • Hands-on labs where learners can explore concepts and test their knowledge.

    • Access to the SafeStack Community, , where learners can connect with a community of like-minded people to share challenges and approaches with.

    • Monthly online seminars hosted by our team.

    • Verified, shareable credentials that learners earn by completing courses.

    Security Awareness

    These programs feature:

    • Bite-sized, interactive courses packed with helpful, practical cyber security tips.

    • Real-life examples to show learners how the actions and behaviors they’re learning relate to their everyday lives.

    • Custom graphics and friendly mascots that bring color and fun to even the most serious of topics.

    • Short multiple-choice quizzes to check learners’ understanding of what they’ve covered.

    • Printable resources and links to related information to help learners keep building their knowledge.

    • Our fear-free, practical approach makes cyber security and privacy education welcoming and relevant for all learners, whatever their experience or role.

    • All our programs are ongoing, people-focused, and flexible.

    • We believe cyber security and privacy education should be available to organizations of any size, so we offer a Free plan and we don’t have any minimum seat requirements.

    Secure Development

    • Our content moves beyond syntax-level thinking to a systems-level approach. We teach the design patterns needed to identify the causes of vulnerabilities, regardless of the underlying technology being used.

    • We also teach essential skills like threat assessment and security testing, so the whole team can collaborate on security early and often.

    • Our training is relevant for the whole development team, not just developers — this means security is woven through the entire SDLC.

    • We’re building a community of learners who can support each other.

    • Elements like the SafeStack Community, monthly seminars and office hours help our learners stay motivated and feel supported.

    • Hands-on labs give learners a chance to test their knowledge.

    Security Awareness

    • Our courses are bite-sized, fun, and engaging.

    • We empower learners with practical tips they can use right away.

    • Our friendly mascots are sure to win over even the most reluctant of learners.

Secure Development

  • By regularly adding new courses and other content to this program, we keep it in line with industry trends and emerging threats, making it as relevant as possible for our learners.

    Head over to our Courses page to learn more.

  • Most organizations develop software in a range of languages, and they need to support systems across older, legacy stacks. We teach the design patterns needed to identify the causes of vulnerabilities, regardless of the underlying technology being used.

    We’re happy to say our customers agree this approach works, finding they can easily apply what they learn across different languages.

    We also teach essential skills like threat assessment and security testing, so the whole team can collaborate on security early and often.

  • Sure is. Our training is completely flexible, so learners can work at the pace that suits them. Our platform keeps track of where they’re up to, so they can pick up where they left off the next time they log in.

  • Learners can expect to spend anywhere between 1 to 6 hours completing a course, depending on which one they’re doing. Each course is organized in modules of up to 20 minutes, so it’s easy to dip in and out as needed.

    Working through the labs can take a little longer. This varies from learner to learner, as some people are more or less familiar with what they need to do to solve them.

  • Nope! It’s made for anyone who works on a development team, including developers, QA, testers, architects, DevOps, and design specialists.

    The program starts with foundational concepts before moving on to more advanced subjects. This happens over multiple courses, so learners have time to develop their knowledge. The more advanced courses show that learners are familiar with certain development principles and techniques.

    The complexity of each course matches up with our digital credential levels, so starting with the courses that offer Level 1 badges will help learners build their skills in a manageable way.

  • Online labs are a hands-on component of this program, where you can explore concepts and test your knowledge.

    Find out more in our knowledge base article about labs.

  • Monthly online seminars are included as part of all our Secure Development memberships. Hosted by our team, these seminars are designed to add to our learners’ experience and help them build a community of like-minded people to share challenges and approaches with.

  • Digital credentials are a verified, shareable way of recognizing learners for completing courses. We’ve partnered with Credly to offer these for all our Secure Development courses.

    Find out more about courses and credentials.

How we help with compliance

  • Meeting compliance requirements can be a headache. We love making the process easier for organizations, and our training is designed to support that.

    Our Secure Development program helps development teams learn how to design security into their software right from the start, and our Security Awareness program helps teams understand and apply good security practices in everyday situations.

    Our programs will help you meet compliance requirements relating to:

    • PCI DSS

    • ISO/IEC 27000 series

    • SOC 2

PCI DSS

  • PCI DSS stands for Payment Cards Data Security Standard, and organizations need to meet this standard if they’re handling credit card data. The objective of PCI DSS is to protect card data from threats and to minimize data breach risks.

    By meeting PCI DSS requirements, you’re making sure you’re accepting credit card payments and handling cardholder data in the right ways, and you’re keeping your business and customers safe.

  • We’ve created our PCI DSS content based on our hands-on experience helping teams navigate PCI DSS compliance. We promise our courses will help you do the same.

    Our courses cover the PCI DSS compliance requirements listed below.

    • Understanding information security

    • Protecting stored cardholder data

    • Developing and maintaining secure systems and applications

    • Testing security systems and processes

    Secure Development

    Our Secure Development program helps development teams build and maintain secure systems and applications with compliance requirements built into system design from the start.

    Security Awareness

    Our Security Awareness program includes courses that deal specifically with PCI DSS. These are ideal for giving teams an overview of what PCI DSS is all about and what types of behaviors impact compliance.

ISO/IEC 27000 series

  • The ISO/IEC 27000 series is a set of standards designed to help organizations improve their information security. They’re jointly published by the International Organization for Standardisation (ISO) and the International Electrotechnical Commission (IEC).

    Most organizations audit themselves against these standards when they want to have their security practices certified.

    The ISO/IEC 27000 series applies to organizations of all shapes and sizes, and covers a broad scope of security topics including people, access, system, and operations management.

    The best way for an organization to use these standards is to assess their own environment, understand their risks, and treat these risks with the controls outlined in the standards.

    This series groups controls into sections, which we note in brackets in the next section.

  • Secure Development

    Our Secure Development program will help your team understand the tools and knowledge they need to meet the ISO/IEC 27000 requirements listed below.

    • Security requirements of information systems (Section A.14.1), including how to consider security in the early design stages of systems.

    • Security in development and support processes (Section A.14.2), including how to include security throughout the development lifecycle.

    Security Awareness

    Our Security Awareness program will help you meet the requirements for the human resource security domain of the ISO/IEC 27000 standards.

    Through SafeStack, your team gets appropriate security awareness education based on regularly released content, which means the advice stays relevant in an ever-changing online environment.

    This program also teaches your staff learning actions that can help your organization meet other requirements, like those listed below.

    • Acceptable use of assets (Control A.8.1.3), including devices and data handling.

    • Use of secret authentication information (Control A.9.3.1), including how to securely manage passwords and personal data they have access to.

    • Clear desk and clear screen policy (Control A.11.2.9), as well as how to stay secure in your workplace, including how to handle visitors.

    • Responsibilities of all staff when it comes to information security incidents (Section A.16.1), including how to spot and raise incidents in the organization.

    • Privacy and protection of personally identifiable information (Control A.18.1.4), including how to identify personal information, how to secure it, and how to handle privacy-related breaches.

SOC 2

  • As organizations grow, they need to meet increasing compliance requirements — and SOC 2 (which stands for Systems and Organisations Controls 2) is one of them.

    SOC 2 is an auditing procedure that reports on various organizational controls related to security, availability, processing integrity, confidentiality, or privacy.

    These requirements are intended to make sure service providers manage the data they process securely, and in ways that protect the interests of the organization as well as the privacy of its clients.

    SOC 2 gives a basic structure for security measures, allowing companies to customize them to their needs.

  • SOC 2 requires organizations to do the following.

    • Communicate information that improves security knowledge and awareness.

    • Model appropriate security behaviors to their staff through a security awareness training program.

    Security Awareness

    Our Security Awareness training supports this by helping organizations prepare their teams for meeting the trust principles of security, availability, processing, integrity, and confidentiality of customer data.

NIST Cyber Security Framework

  • The NIST Cyber Security Framework is a tool that internal teams use for planning their work and strategy. It’s published by the United States National Institute of Standards and Technology (NIST).

    This framework applies to organizations of all shapes and sizes, and covers a broad scope of security topics including people, access, system, and operations management.

    The best way for an organization to use this framework is to assess their own environment, understand their risks, and treat these risks with the controls outlined in the framework.

  • SafeStack covers the awareness and training category (PR.AT) of the NIST Cyber Security Framework.

    Our Security Awareness program provides training on information security responsibilities for everyone on your team.

    Our Secure Development program provides training on information security responsibilities for your development teams.

    Secure Development

    Our Secure Development program provides ongoing training that helps your development team build and maintain secure systems and applications. As these teams tend to have more privileged access than others, we go into more detail about their security responsibilities in the context of their roles. This relates to NIST subcategory PR.AT-2.

    Security Awareness

    Our Security Awareness program has courses for everyone on your team, so you can keep all your learners informed and trained. It teaches the fundamental principles of cyber security, with learners building up a range of security skills and actions they can use to meet the outcomes of the NIST categories on training and education. This relates to NIST subcategory PR.AT-1.

    In our Personal Security for Managers and Leaders course, we also cover the role senior executives play as public leaders of the organization and the associated security impacts to consider. This relates to NIST subcategory PR.AT-4.

Everything else

  • Knowledge base

    You can find answers to the most common support questions in our knowledge base.

    Live chat

    Our friendly support team is standing by, ready to answer your questions and help you get the most out of your training. To start a chat, just click on the purple message icon at the bottom left of our website.

    We monitor our live chat from 11am to 7pm NZT, Monday to Friday. If you need help outside of these hours, leave us your question along with your email address and we’ll get back to you as soon as we can.

    Contact form

    If live chat’s not your thing but you still want to get in touch with a human, send us a message through our contact form.

    We aim to reply within two working days, and we’re always keen to have a chat about how we can help to bring cyber security and privacy training to your team.

  • Through SafeStack, we provide an education platform where learners can engage with our training content as well as connecting with our expert team and the wider learner community.

    We understand it can be helpful to have all your training content in your own LMS, but this means your learners miss out on the other community benefits we offer. If you’d like to discuss the options, contact our Sales team.

  • We believe in security for everyone, and working with our partners to reach more organizations helps make that a reality.

    Find out more on our Become a Partner page.

  • You noticed! These are our mascots, and they’re here to guide you through your training journey. You’ll see them pop up in our Security and Privacy Awareness courses and sometimes even in our Secure Development ones.

    We use mascots to help us avoid bias and stereotypes that human characters can introduce. Plus they’re adorable.

    Our mascots and other supporting characters are gender-neutral, using the pronouns “they” and “their”. This approach goes hand in hand with our belief that security is for everyone, and part of that is helping everyone feel included.

Subscriptions and payments

  • We offer a Free plan that gives you access to all our programs: no cost, no tricks, for as long as you need.

    If you’re looking for more than what our Free plan includes, head to our Pricing page to learn about our Team and Enterprise plans.

  • Cyber security and privacy training is an ongoing part of managing risk for organizations. Getting this right takes effort and a continued program of activities throughout the year.

    We keep our programs relevant to our learners by regularly releasing new courses. Because we provide content in this way, a subscription-based model makes sense.

    Our paid subscriptions are annual, so once you subscribe, you’ll have a membership to your chosen program for one year.

    For each year you subscribe, you’ll get new courses, supporting materials, and guidance from us.

    At the end of each year, you can renew to keep your access to the program and upcoming content, or you can cancel.

  • If you work for an organization that needs more than 100 seats, get in touch to find out about our tiered pricing model.

    Got a bigger team than that? Find out about our Enterprise plan on our Pricing page.

  • We can invoice you for your annual subscription payment, or you can pay with Visa, Mastercard, American Express, Discover, or PayPal.

    If your organization is based in New Zealand, GST is additional to our advertised pricing. For organizations outside of New Zealand, tax is not included in pricing.