Vista Group: Scaling Security Training Across Multiple Business Units

Organization Size

  • 300 developers

  • 4 AppSec team members

Industry

Tech solutions for the global film industry

Region

New Zealand

The Challenge

Vista faced a scaling challenge. Stephen's team had invested weeks creating custom OWASP Top 10 training specifically for their largest business unit. Then came a company reorganization that unified six business units—with each running different platforms and tech stacks. They now needed to pivot and find a solution that worked for the rest of the business.

Additionally, as Vista transitioned from on-premise to cloud applications, customers began requesting SOC 2 reports and PCI compliance evidence. The team needed scalable, compliant training that could cover diverse technical requirements without requiring months of custom development for each business unit.

The Solution

Vista implemented SafeStack as a SCORM customer, integrating the content into their existing LMS:

  • Fundamentals 1 & 2 courses rolled out as compulsory training

  • Threat assessment training for structured security thinking

  • Three training cycles per year with three-month completion windows

  • Monitoring and reporting tied to board-level compliance requirements

Implementation Approach

Vista took what Stephen called "the least sophisticated way" initially—prioritizing getting training deployed over perfect customization. They focused on fundamental courses that provided a common security language across all business units. Completion rates were monitored monthly and shared with engineering management teams, creating accountability without heavy-handed enforcement.

"While I would love to have bespoke training for every team in the company, I know how much effort it takes to create and maintain that type of content and it’s just not practical for my team. So while the SafeStack training may not be as tailored as training we could create for ourselves, it has certainly been a practical solution that saves us significant time."

Stephen Moir
AppSec Architect

Result & Impact

Time Savings:

  • Eliminated weeks of effort for each custom training build

  • No more repetitive annual OWASP presentations

  • Avoided months of elapsed time creating training for multiple business units

Compliance Achievement:

  • Met SOC 2 training requirements

  • Addressed PCI compliance needs

  • Established foundation for security conversations with all teams

Scalability:

  • Single platform serving 300 developers across 6 business units

  • Ready-to-deploy content for multiple tech stacks

  • Quick updates (video fixes delivered in less than a week)

Lessons Learned:

  • SCORM integration worked well for organizations with established LMS systems, though updates were slower than on the native platform

  • Having training in place enabled better threat modeling adoption (teams used models to reason about complex features)

  • Third-party cookie issues taught them unexpected lessons about browser compatibility

  • One engaged employee took 4,000 words of notes, highlighting need for multiple learning format options
