Posted on

How SafeStack Academy is helping to make security for everyone in 2021

2020 was a big year that a lot of us would probably like to forget. 

It was hard but rewarding for our team — hard because 2020, and rewarding because we took a significant step in our mission of security for everyone.

For us, “security for everyone” means we talk about security in a way that’s approachable and practical, and that we work hard to make security training affordable and flexible so more people can do it.

It feels like years since the December 2019 hui where we talked about our dream of making an online training platform to house both our practical and technical training.

You shouldn’t need a big budget or team to secure what matters most to your organisation, and we knew that creating our training platform would go a long way to helping make that true. As cyber security gets more and more important, making this platform felt important, too.

Six months after that hui, with lots of sweat, tears, and happy dances along the way, we launched SafeStack Academy

We started by releasing our security awareness training programme, designed to make it easy for teams of all backgrounds to build their cyber security knowledge and skills.

Then in September we launched SafeStack Development Academy, our secure development training programme.

It was exciting to get SafeStack Academy out into the world, and there’s plenty more to come. We’re super pumped to make 2021 an even bigger and better year for our online training than the last. 

Here’s a look at what’s happened and what’s coming up.

The journey so far


Security for everyone

Our security awareness programme is aimed at small businesses and is all about making cyber security approachable and relevant for everyone, whatever their background or previous experience is. 

Since launching the programme, we’ve released a new, bite sized course each month. They’re just a few minutes long, so they’re easy to fit around whatever else you have on, and we make sure every course is engaging, interactive, and full of practical advice.


We think security can be fun, so in each course you’ll have our friendly mascots taking you through topics like storing and using passwords safely, the warning signs of a potential phish, and how to stay secure when working remotely.

We’ve also covered some more specific topics like the basics of PCI DSS compliance (part 2 coming soon!), which is essential for any organisation that collects, stores, or processes credit card transactions.


We marked Privacy Week in November by releasing the first two modules from a course on privacy awareness, created with our friends at Simply Privacy.

New Zealand’s Privacy Act 2020 came into effect in December, bringing with it some new obligations for organisations — so if you want a little help in understanding what privacy is, why it’s important, and how to safely and respectfully handle people’s personal information, this course is for you.

Phishing, but friendly

In August we started Spotted, our monthly phishing simulation service.

You probably know what phishing is, but for anyone who’s not familiar: it’s when someone sends you scam emails disguised as legitimate emails, with the aim of tricking you into sharing sensitive data or paying money.

Simulated phishing helps you get better at spotting (see what we did there?) these kinds of emails and forming the habit of reporting them as suspicious. Simulated phishing emails are set up in a safe environment, so you won’t come to any harm if you do whatever the email is asking you to do, like click a dodgy link.

We know phishing (whether it’s simulated or not) can be an unsettling experience, so every Spotted campaign is guided by safety, reassurance, and encouraging good reporting practices. If you click on a link in a Spotted email, you’ll meet Sam, our Spotted salamander, and they’ll have some helpful words for you.


Helping development teams become security champions

In September, we launched SafeStack Development Academy: our secure development training programme, focused on bringing security into software development.

Our commitment to flexibility and affordability also applies here! There are no minimum seat requirements, so teams of one are just as welcome as teams of hundreds.

We started off with courses on Security Fundamentals for Software Development and Finding and Fixing Web Application Security Vulnerabilities, and ended 2020 with a course on Threat Assessment for Software Development.

We release a new course quarterly, with our next one (Security Foundations for Software Testers) coming out in March.

We wanted SafeStack Development Academy to offer more than self-directed online learning, so we’ve built a bunch of other cool features into it, too. 

Inside our courses are our hands-on labs, where you can explore concepts and test your knowledge. Labs follow the security journey of a fictional company called Crypt-Oh-No, and each lab has its own story and an objective to achieve by finding a specific vulnerability. We think they’re pretty fun (and educational!).

One of our big drivers for SafeStack Development Academy was creating a sense of community, so we run online seminars each month to help nurture and support our members. So far we’ve covered educational, functional, and fun topics like personal security, incident response, and building security programmes through Capture the Flag competitions. It’s been so fun to see people getting involved and we’re already looking forward to our next seminar on cloud security.

Another community element we offer is online office hours where members can chat to our team about what they’re learning and any challenges they’d like a hand with. 

And lastly, we’ve teamed up with Credly to give our learners digital badges when they complete courses, so they can recognise and share their achievements.

What’s next

We’ve been making some big plans for 2021 which we’re excited to share. 

A new captain at the SafeStack Development Academy helm

Toni James joined us last year as a security specialist, and she’s moving into a new role as product owner for our secure development training.

With Laura focused on growing SafeStack Academy, and Erica plotting our path to get there, we needed to hand the reins of this programme to someone who knows what it’s like to be a technical learner. We needed someone who understands the stress, pressures, and needs of the engineers, developers, testers, and architects in our SafeStack Academy programme, and no one fits that bill better than Toni.

She’ll be the go-to (hella rad) lead who plans out the programme from course content, to seminar topics and guests, to labs, and anything else in between that supports our technical learners. We’re over the moon to have her in this role.

A lot more learning

Like always, making content that’s relevant and useful is a top priority for us, so our ears are open if there are any topics you’d like to suggest.

Here’s what’s lined up for 2021 so far.

Security Awareness

  • Getting Started with PCI DSS
    This course follows on from our previous one about PCI DSS, or Payment Card Industry Data Security Standard. If your organisation processes or stores credit card data, this course is for you.
  • Staying Secure When You Travel
    Although travel by plane might be on hold for some for a while, we’re still moving around by car, public transport, and taxi. In this course you’ll get actionable tips on staying safe while moving between your office and home.
  • More on Privacy Awareness
    This year we’re building on our first two privacy modules by adding new ones that cover the specifics of managing privacy breaches and handling information requests.

Secure Development

  • Security Foundations for Software Testers
    Security testing is a highly specialised aspect of software testing that can be different from the normal development cycle. This course will focus on providing a solid foundation for testers so they can feel comfortable with the terminology, the investigation and reporting process, and the different types of security testing that exist. This is the first in a two part series on software testing.
  • Security for Microservices / API-based Architectures
    API-based architectures are quite hot at the moment! We’ve worked with smaller companies using them as their core architecture design principles, and larger enterprises trialing this model for new products. Whatever stage you’re at, this course will teach you all you need to know when considering security in this architecture style.

Features and improvements

We’re working hard behind the scenes to make your SafeStack Academy experience the best it can be. This includes a new look and feel as well as improved user flows and features. Be on the look out later this year for more.

Join us on our adventure

We’re committed to growing SafeStack Academy while staying true to our goal of being leaders in practical, action-based, and technical security training. 

We’d love you join us! If getting on top of cyber security for your organisation has been on your mind, why not get started today with a free 14 day trial on either (or both) of our programmes below? These give you a chance to try out the courses as well as see what it’s like to manage your team’s training through SafeStack Academy.

We love to hear from you

Your feedback is super important to us! Drop us a line on  and let us know what you think.