Frequently asked questions
If you’re new to SafeStack Academy, you probably have some questions. Here are answers to the more common ones.
Why choose SafeStack Academy
How will SafeStack Academy help my organisation?
We created SafeStack Academy because we believe everyone has the right to do what matters to them safely and securely, and we want to make cyber security and privacy skills a superpower anyone can have, whatever their role or organisation size.
Our training is flexible, people-focused, and created by industry experts. It’s easy to roll out to everyone who needs it, and because it’s ongoing, learners can maintain momentum and keep their skills and knowledge sharp as the online environment changes. We don’t have minimum seat requirements, so you can get started whenever you’re ready.
Our programmes each have their own focus, but they’ll all help you manage your risk in a way that involves and empowers your team. Everyone has a part to play in staying safe online, and SafeStack Academy will help your team grow their cyber security and privacy superpowers.
This programme gives your development team the skills they need to build cyber security into their entire software development life cycle (SDLC).
This helps your organisation in a couple of key ways.
Cyber security has an impact on every organisation, big or small — and security awareness education doesn’t need to be out of reach just because you don’t have a dedicated security or learning and development team.
This programme makes it easy for smaller organisations to build their cyber security knowledge and skills, and the bite-sized courses — between 5 and 12 minutes long — are short enough that your team can fit them around whatever else they need to do, no sweat.
We release new courses regularly, so you can be sure everyone is up to speed on current cyber security issues like ransomware and invoice fraud.
Understanding privacy is essential for every organisation that deals with or employs people. Getting privacy right is a compliance obligation and a way of building trust and a foundation for exceptional customer service.
We work with our friends at Simply Privacy to create this programme, which will help you and your team understand privacy law and how it impacts your organisation.
Why is your training ongoing rather than one-off?
When it comes to cyber security and privacy, we all have a responsibility to keep our skills up to date as the world around us changes.
We’ve made our programmes ongoing so our learners can top up their skills as needed, and so we can be sure to provide the content that’s most relevant.
Adding new courses throughout the year helps our learners think of good cyber security and privacy behaviours as a daily practice, which they can cultivate by building a toolkit of skills and approaches that empower them to stay safe.
What’s a cyber security culture and how can SafeStack Academy help me build one in my organisation?
A healthy cyber security culture is one where everyone on your team feels supported, empowered, and engaged in learning about security, and where each person plays their part in keeping your people, systems, and data safe.
We care enormously about helping organisations build cyber security cultures, and we use different elements of our programmes to do that.
Will my team like SafeStack Academy training?
We’re confident they will! Here’s some more about what they can expect.
What makes SafeStack Academy different from other cyber security and privacy training?
Programmes and courses
What training programmes do you offer?
This programme gives software development teams of any size the skills and knowledge they need to weave security throughout the entire software development lifecycle.
Designed to help smaller organisations build cyber security skills and knowledge across everyone in their team, this programme offers bite-sized courses that cover a wide range of security topics and behaviours.
What courses are included?
By regularly adding new courses and other content to this programme, we keep it in line with industry trends and emerging threats, making it as relevant as possible for our learners.
The Secure Development courses listed below are available now, with more coming soon.
Why do you take a systems-level approach to teaching secure development?
Most organisations develop software in a range of languages, and they need to support systems across older, legacy stacks. We teach the design patterns needed to identify the causes of vulnerabilities, regardless of the underlying technology being used.
We’re happy to say our customers agree this approach works, finding they can easily apply what they learn across different languages.
We also teach essential skills like threat assessment and security testing, so the whole team can collaborate on security early and often.
Is the programme self-paced?
Sure is. Our training is completely flexible, so learners can work at the pace that suits them. Our platform keeps track of where they’re up to, so they can pick up where they left off the next time they log in.
How long does it take to complete a course?
Learners can expect to spend anywhere between 1 to 6 hours completing a course, depending on which one they’re doing. Each course is organised in modules of up to 20 minutes, so it’s easy to dip in and out as needed.
Working through the labs can take a little longer. This varies from learner to learner, as some people are more or less familiar with what they need to do to solve them.
Is there a recommended skills level needed to complete this programme?
Nope! It’s made for anyone who works on a development team, including developers, QA, testers, architects, DevOps, and design specialists.
The programme starts with foundational concepts before moving on to more advanced subjects. This happens over multiple courses, so learners have time to develop their knowledge. The more advanced courses work on the idea that learners are familiar with certain development principles and techniques.
The complexity of each course matches up with our digital badge levels, so starting with the courses that offer Level 1 badges will help learners build their skills in a manageable way.
What are office hours?
Online office hours are included as part of all our Secure Development memberships, offering learners a chance to talk with our team about the course content or any particular secure development challenges they’re working through.
What are monthly seminars?
Monthly online seminars are included as part of all our Secure Development memberships. Hosted by our team, these seminars are designed to add to our learners’ experience and help them build a community of like-minded people to share challenges and approaches with.
What are digital badges?
Digital badges are a verified, shareable way of recognising learners for completing courses. We’ve partnered with Credly to offer digital badges for all our Secure Development courses.
Find out more on our Digital Badges page.
What courses are included?
We release new courses regularly on a range of cyber security topics and behaviours. Each course takes between 5 and 12 minutes to complete.
The Security Awareness courses listed below are available now, with more coming soon.
Cyber Secure Choices
Included in all Security Awareness memberships, this series lets learners explore different cyber attack scenarios, changing the direction of the story with their actions.
The first two episodes are available now, with more coming soon.
How we help with compliance
How will SafeStack Academy help my organisation meet compliance requirements?
Meeting compliance requirements can be a headache. We love making the process easier for organisations, and our training is designed to support that.
Our Secure Development programme helps development teams learn how to design security into their software right from the start, and our Security Awareness programme helps teams understand and apply good security practices in everyday situations.
Our programmes will help you meet compliance requirements relating to:
What’s PCI DSS and why is it important?
PCI DSS stands for Payment Cards Data Security Standard, and organisations need to meet this standard if they’re handling credit card data. The objective of PCI DSS is to protect card data from threats and to minimise data breach risks.
By meeting PCI DSS requirements, you’re making sure you’re accepting credit card payments and handling cardholder data in the right ways, and you’re keeping your business and customers safe.
How can SafeStack Academy help?
We’ve created our PCI DSS content based on our hands-on experience helping teams navigate PCI DSS compliance. We promise our courses will help you do the same.
Our courses cover the PCI DSS compliance requirements listed below.
Our Secure Development programme helps development teams build and maintain secure systems and applications with compliance requirements built into system design from the start.
Our Security Awareness programme includes courses that deal specifically with PCI DSS. These are ideal for giving teams an overview of what PCI DSS is all about and what types of behaviours impact compliance.
ISO/IEC 27000 series
What’s the ISO/IEC 27000 series and why is it important?
The ISO/IEC 27000 series is a set of standards designed to help organisations improve their information security. They’re jointly published by the International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC).
Most organisations audit themselves against these standards when they want to have their security practices certified.
The ISO/IEC 27000 series applies to organisations of all shapes and sizes, and covers a broad scope of security topics including people, access, system, and operations management.
The best way for an organisation to use these standards is to assess their own environment, understand their risks, and treat these risks with the controls outlined in the standards.
This series groups controls into sections, which we note in brackets in the next section.
How can SafeStack Academy help?
Our Secure Development programme will help your team understand the tools and knowledge they need for meeting the ISO/IEC 27000 requirements listed below.
Our Security Awareness programme will help you meet the requirements for the human resource security domain of the ISO/IEC 27000 standards.
Through SafeStack Academy, your team gets appropriate security awareness education based on regularly released content, which means the advice stays relevant in an ever-changing online environment.
This programme also teaches your staff learning actions that can help your organisation meet other requirements, like those listed below.
What’s SOC 2 and why is it important?
As organisations grow, they need to meet increasing compliance requirements — and SOC 2 (which stands for Systems and Organisations Controls 2) is one of them.
SOC 2 is an auditing procedure that reports on various organisational controls related to security, availability, processing integrity, confidentiality, or privacy.
These requirements are intended to make sure service providers manage the data they process securely, and in ways that protect the interests of the organisation as well as the privacy of its clients.
SOC 2 gives a basic structure for security measures, allowing companies to customise them to their needs.
How can SafeStack Academy help?
Our Security Awareness training supports this by helping organisations prepare their teams for meeting the trust principles of security, availability, processing, integrity, and confidentiality of customer data.
NIST Cyber Security Framework
What’s the NIST Cyber Security Framework and why is it important?
The NIST Cyber Security Framework is a tool that internal teams use for planning their work and strategy. It’s published by the United States National Institute of Standards and Technology (NIST).
This framework applies to organisations of all shapes and sizes, and covers a broad scope of security topics including people, access, system, and operations management.
The best way for an organisation to use this framework is to assess their own environment, understand their risks, and treat these risks with the controls outlined in the framework.
How can SafeStack Academy help?
Our Secure Development programme provides ongoing training that helps your development team build and maintain secure systems and applications. As these teams tend to have more privileged access than others, we go into more detail about their security responsibilities in the context of their roles. This relates to NIST subcategory PR.AT-2.
Our Security Awareness programme has courses for everyone on your team, so you can keep all your learners informed and trained. It teaches the fundamental principles of cyber security, with learners building up a range of security skills and actions they can use to meet the outcomes of the NIST categories on training and education. This relates to NIST subcategory PR.AT-1.
In our Personal Security for Managers and Leaders course, we also cover the role senior executives play as public leaders of the organisation and the associated security impacts to consider. This relates to NIST subcategory PR.AT-4.
Subscriptions and payments
How much do your programmes cost?
Why is SafeStack Academy subscription-based?
Cyber security and privacy training is an ongoing part of managing risk for organisations. Getting this right takes effort and a continued programme of activities throughout the year.
We keep our programmes relevant for our learners by regularly releasing new courses. Because we provide content in this way, a subscription-based model makes sense.
Our subscriptions are annual, so once you subscribe, you’ll have membership to your chosen programme for one year.
For each year you subscribe, you’ll get new courses, supporting materials, and guidance from us.
At the end of each year, you can renew to keep your access to the programme and upcoming content, or you can cancel.
What are my payment options?
We can invoice you for your annual subscription payment, or you can pay with Visa, Mastercard, American Express, Discover, or PayPal.
If your organisation is based in New Zealand, GST is additional to our advertised pricing. For organisations outside of New Zealand, tax is not included in pricing.
What support options do you offer?
Our friendly support team is standing by, ready to answer your questions and help you get the most out of your training. To start a chat, just click on the purple message icon at the bottom left of our website.
We monitor our live chat from 11am to 7pm NZT, Monday to Friday. If you need help outside of these hours, leave us your question along with your email address and we’ll get back to you as soon as we can.
Can we integrate your content into our Learning Management System (LMS)?
Through SafeStack Academy, we provide an education platform where learners can engage with our training content as well as connecting with our expert team and the wider learner community.
We understand it can be helpful to have all your training content in your own LMS, but this means your learners miss out on the other community benefits we offer. For this reason, we don’t offer an option for integrating into an existing LMS.
How can I partner with SafeStack Academy?
We believe in security for everyone, and working with our partners to reach more organisations helps make that a reality.
We have several partnership options available to suit different needs.
We can work together with subject matter experts from your organisation to create course content.
Options include selling branded SafeStack Academy courses through your channels and white labelling our content to sell to your customers. Contact us through our Become a Partner page to learn more about commission rates and agreement terms.
In-person and online events
Our team can work with you to co-host webinars, panels, and other events, designed to build community and share relevant, practical cyber security tips and tools.
If you’re interested in these options or have other ideas for working together, we’d love to hear from you.
Send us your details through our Become a Partner page and we’ll be in touch soon.
Who are these cute characters I keep seeing?
You noticed! These are our mascots, and they’re here to guide you through your cyber security and privacy journey. You’ll see them pop up in our Security and Privacy Awareness courses.
We use mascots to help us avoid bias and stereotypes that human characters can introduce. Plus they’re adorable.
Our mascots and other supporting characters are gender-neutral, using the pronouns “they” and “their”. This approach goes hand in hand with our belief that security is for everyone, and part of that is helping everyone feel included.
Meet our mascot team
Riley is a gentle and wise red panda. They take great pride in their appearance, and you’ll notice that their favourite colour is purple. Riley has a pet cat named Smokey.
Robots aren’t usually known for having emotions, but Kit sure does. They are the friendliest, most helpful robot — always ready to lend a hand with training and remind you to keep your software updated.
Robin is a force to be reckoned with. They’re usually the one to turn to for help when things go wrong. Calm under pressure and always using their laser-like focus to tackle security problems, ninja Robin loves to share their skills and advice to help teams stay safe online.
Who doesn’t need a sparkly unicorn in their lives? Po makes even the most demanding training points fun with a flip of their rainbow mane and the ever present glimmer of their silly pink tongue.
Frankie is a New Zealand Rockhopper penguin. They hang out in our Privacy Awareness programme and enjoy their status as our resident expert in New Zealand privacy law. Frankie is partial to head scratches and calamari.
Elliot is an Australian echidna. Don’t be put off by their prickly appearance — there’s a tender heart lying beneath. Elliot’s pretty shy but they love to share their knowledge of all things relating to Australian privacy law.
With their razor-sharp beak and mind like a steel trap, our sneaky magpie Mal is always up to something. They’ve been known to craft ransomware attacks and use social engineering tricks to gain unauthorised access to systems. Be sure to watch your back when this bird is around.