Frequently asked questions
If you’re new to SafeStack, you probably have some questions. Here are answers to the more common ones.
Why choose SafeStack
How will SafeStack help my organization?
We created SafeStack because we believe everyone has the right to do what matters to them safely and securely, and we want to make cyber security and privacy skills a superpower anyone can have, whatever their role or organization size.
Our training is flexible, people-focused, and created by industry experts. It’s easy to roll out to everyone who needs it, and because it’s ongoing, learners can maintain momentum and keep their skills and knowledge sharp as the online environment changes. You can get started on our Free plan whenever you’re ready.
Our programs each have their own focus, but they’ll all help you manage your risk in a way that involves and empowers your team. Everyone has a part to play in staying safe online, and SafeStack will help your team grow their cyber security and privacy superpowers.
This program gives your development team the skills they need to build cyber security into their entire software development lifecycle (SDLC).
This helps your organization in a couple of key ways.
Cyber security has an impact on every organization, big or small — and security awareness education doesn’t need to be out of reach just because you don’t have a dedicated security or learning and development team.
This program makes it easy for smaller organizations to build their cyber security knowledge and skills, and the bite-sized courses — between 5 and 12 minutes long — are short enough that your team can fit them around whatever else they need to do, no sweat.
We release new courses regularly, so you can be sure everyone is up to speed on current cyber security issues like ransomware and invoice fraud.
Understanding privacy is essential for every organization that deals with or employs people. Getting privacy right is a compliance obligation and a way of building trust and a foundation for exceptional customer service.
We work with our friends at Simply Privacy to create this program, which will help you and your team understand privacy law and how it impacts your organization.
Why is your training ongoing rather than one-off?
When it comes to cyber security and privacy, we all have a responsibility to keep our skills up to date as the world around us changes.
We’ve made our programs ongoing so our learners can top up their skills as needed, and so we can be sure to provide the content that’s most relevant.
Adding new courses throughout the year helps our learners think of good cyber security and privacy behaviors as a daily practice, which they can cultivate by building a toolkit of skills and approaches that empower them to stay safe.
What’s a cyber security culture and how can SafeStack help me build one in my organization?
A healthy cyber security culture is one where everyone on your team feels supported, empowered, and engaged in learning about security, and where each person plays their part in keeping your people, systems, and data safe.
We care enormously about helping organizations build cyber security cultures, and we use different elements of our programs to do that.
Will my team like SafeStack training?
We’re confident they will! Here’s some more about what they can expect.
What makes SafeStack different from other cyber security and privacy training?
Programs and courses
What training programs do you offer?
This program gives software development teams of any size the skills and knowledge they need to weave security throughout the entire software development lifecycle.
Designed to help smaller organizations build cyber security skills and knowledge across everyone in their team, this program offers bite-sized courses that cover a wide range of security topics and behaviors.
What courses are included?
By regularly adding new courses and other content to this program, we keep it in line with industry trends and emerging threats, making it as relevant as possible for our learners.
Head over to our Courses page to learn more.
Why do you take a systems-level approach to teaching secure development?
Most organizations develop software in a range of languages, and they need to support systems across older, legacy stacks. We teach the design patterns needed to identify the causes of vulnerabilities, regardless of the underlying technology being used.
We’re happy to say our customers agree this approach works, finding they can easily apply what they learn across different languages.
We also teach essential skills like threat assessment and security testing, so the whole team can collaborate on security early and often.
Is the program self-paced?
Sure is. Our training is completely flexible, so learners can work at the pace that suits them. Our platform keeps track of where they’re up to, so they can pick up where they left off the next time they log in.
How long does it take to complete a course?
Learners can expect to spend anywhere between 1 to 6 hours completing a course, depending on which one they’re doing. Each course is organized in modules of up to 20 minutes, so it’s easy to dip in and out as needed.
Working through the labs can take a little longer. This varies from learner to learner, as some people are more or less familiar with what they need to do to solve them.
Is there a recommended skills level needed to complete this program?
Nope! It’s made for anyone who works on a development team, including developers, QA, testers, architects, DevOps, and design specialists.
The program starts with foundational concepts before moving on to more advanced subjects. This happens over multiple courses, so learners have time to develop their knowledge. The more advanced courses work on the idea that learners are familiar with certain development principles and techniques.
The complexity of each course matches up with our digital credential levels, so starting with the courses that offer Level 1 badges will help learners build their skills in a manageable way.
What are office hours?
Online office hours are included as part of all our Secure Development memberships, offering learners a chance to talk with our team about the course content or any particular secure development challenges they’re working through.
What are monthly seminars?
Monthly online seminars are included as part of all our Secure Development memberships. Hosted by our team, these seminars are designed to add to our learners’ experience and help them build a community of like-minded people to share challenges and approaches with.
What are digital credentials?
Digital credentials are a verified, shareable way of recognizing learners for completing courses. We’ve partnered with Credly to offer these for all our Secure Development courses.
Find out more about courses and credentials.
Security and Privacy Awareness
What courses are included?
We release new courses regularly on a range of cyber security and privacy topics and behaviors. Each course takes between 5 and 12 minutes to complete.
Cyber Secure Choices
This series lets learners explore different cyber attack scenarios, changing the direction of the story with their actions.
Find out more about available and upcoming courses on our Security and Privacy Awareness page.
How we help with compliance
How will SafeStack help my organization meet compliance requirements?
Meeting compliance requirements can be a headache. We love making the process easier for organizations, and our training is designed to support that.
Our Secure Development program helps development teams learn how to design security into their software right from the start, and our Security Awareness program helps teams understand and apply good security practices in everyday situations.
Our programs will help you meet compliance requirements relating to:
What’s PCI DSS and why is it important?
PCI DSS stands for Payment Cards Data Security Standard, and organizations need to meet this standard if they’re handling credit card data. The objective of PCI DSS is to protect card data from threats and to minimize data breach risks.
By meeting PCI DSS requirements, you’re making sure you’re accepting credit card payments and handling cardholder data in the right ways, and you’re keeping your business and customers safe.
How can SafeStack help?
We’ve created our PCI DSS content based on our hands-on experience helping teams navigate PCI DSS compliance. We promise our courses will help you do the same.
Our courses cover the PCI DSS compliance requirements listed below.
Our Secure Development program helps development teams build and maintain secure systems and applications with compliance requirements built into system design from the start.
Our Security Awareness program includes courses that deal specifically with PCI DSS. These are ideal for giving teams an overview of what PCI DSS is all about and what types of behaviors impact compliance.
ISO/IEC 27000 series
What’s the ISO/IEC 27000 series and why is it important?
The ISO/IEC 27000 series is a set of standards designed to help organizations improve their information security. They’re jointly published by the International Organization for Standardisation (ISO) and the International Electrotechnical Commission (IEC).
Most organizations audit themselves against these standards when they want to have their security practices certified.
The ISO/IEC 27000 series applies to organizations of all shapes and sizes, and covers a broad scope of security topics including people, access, system, and operations management.
The best way for an organization to use these standards is to assess their own environment, understand their risks, and treat these risks with the controls outlined in the standards.
This series groups controls into sections, which we note in brackets in the next section.
How can SafeStack help?
Our Secure Development program will help your team understand the tools and knowledge they need to meet the ISO/IEC 27000 requirements listed below.
Our Security Awareness program will help you meet the requirements for the human resource security domain of the ISO/IEC 27000 standards.
Through SafeStack, your team gets appropriate security awareness education based on regularly released content, which means the advice stays relevant in an ever-changing online environment.
This program also teaches your staff learning actions that can help your organization meet other requirements, like those listed below.
What’s SOC 2 and why is it important?
As organizations grow, they need to meet increasing compliance requirements — and SOC 2 (which stands for Systems and Organisations Controls 2) is one of them.
SOC 2 is an auditing procedure that reports on various organizational controls related to security, availability, processing integrity, confidentiality, or privacy.
These requirements are intended to make sure service providers manage the data they process securely, and in ways that protect the interests of the organization as well as the privacy of its clients.
SOC 2 gives a basic structure for security measures, allowing companies to customize them to their needs.
How can SafeStack help?
Our Security Awareness training supports this by helping organizations prepare their teams for meeting the trust principles of security, availability, processing, integrity, and confidentiality of customer data.
NIST Cyber Security Framework
What’s the NIST Cyber Security Framework and why is it important?
The NIST Cyber Security Framework is a tool that internal teams use for planning their work and strategy. It’s published by the United States National Institute of Standards and Technology (NIST).
This framework applies to organizations of all shapes and sizes, and covers a broad scope of security topics including people, access, system, and operations management.
The best way for an organization to use this framework is to assess their own environment, understand their risks, and treat these risks with the controls outlined in the framework.
How can SafeStack help?
Our Secure Development program provides ongoing training that helps your development team build and maintain secure systems and applications. As these teams tend to have more privileged access than others, we go into more detail about their security responsibilities in the context of their roles. This relates to NIST subcategory PR.AT-2.
Our Security Awareness program has courses for everyone on your team, so you can keep all your learners informed and trained. It teaches the fundamental principles of cyber security, with learners building up a range of security skills and actions they can use to meet the outcomes of the NIST categories on training and education. This relates to NIST subcategory PR.AT-1.
In our Personal Security for Managers and Leaders course, we also cover the role senior executives play as public leaders of the organization and the associated security impacts to consider. This relates to NIST subcategory PR.AT-4.
Subscriptions and payments
Why is SafeStack subscription-based?
Cyber security and privacy training is an ongoing part of managing risk for organizations. Getting this right takes effort and a continued program of activities throughout the year.
We keep our programs relevant to our learners by regularly releasing new courses. Because we provide content in this way, a subscription-based model makes sense.
Our paid subscriptions are annual, so once you subscribe, you’ll have a membership to your chosen program for one year.
For each year you subscribe, you’ll get new courses, supporting materials, and guidance from us.
At the end of each year, you can renew to keep your access to the program and upcoming content, or you can cancel.
What are my payment options?
We can invoice you for your annual subscription payment, or you can pay with Visa, Mastercard, American Express, Discover, or PayPal.
If your organization is based in New Zealand, GST is additional to our advertised pricing. For organizations outside of New Zealand, tax is not included in pricing.
What support options do you offer?
Our friendly support team is standing by, ready to answer your questions and help you get the most out of your training. To start a chat, just click on the purple message icon at the bottom left of our website.
We monitor our live chat from 11am to 7pm NZT, Monday to Friday. If you need help outside of these hours, leave us your question along with your email address and we’ll get back to you as soon as we can.
Can we integrate your content into our Learning Management System (LMS)?
Through SafeStack, we provide an education platform where learners can engage with our training content as well as connecting with our expert team and the wider learner community.
We understand it can be helpful to have all your training content in your own LMS, but this means your learners miss out on the other community benefits we offer. If you’d like to discuss the options, contact our Sales team.
Who are these cute characters I keep seeing?
You noticed! These are our mascots, and they’re here to guide you through your training journey. You’ll see them pop up in our Security and Privacy Awareness courses and sometimes even in our Secure Development ones.
We use mascots to help us avoid bias and stereotypes that human characters can introduce. Plus they’re adorable.
Our mascots and other supporting characters are gender-neutral, using the pronouns “they” and “their”. This approach goes hand in hand with our belief that security is for everyone, and part of that is helping everyone feel included.
Meet our mascot team
Riley is a gentle and wise red panda. They take great pride in their appearance, and you’ll notice that their favorite color is purple. Riley has a pet cat named Smokey.
Robots aren’t usually known for having emotions, but Kit sure does. They are the friendliest, most helpful robot — always ready to lend a hand with training and remind you to keep your software updated.
Robin is a force to be reckoned with. They’re usually the one to turn to for help when things go wrong. Calm under pressure and always using their laser-like focus to tackle security problems, ninja Robin loves to share their skills and advice to help teams stay safe online.
Who doesn’t need a sparkly unicorn in their lives? Po makes even the most demanding training points fun with a flip of their rainbow mane and the ever-present glimmer of their silly pink tongue.
Frankie is a New Zealand Rockhopper penguin. They hang out in our Privacy Awareness program and enjoy their status as our resident expert in New Zealand privacy law. Frankie is partial to head scratches and calamari.
Elliot is an Australian echidna. Don’t be put off by their prickly appearance — there’s a tender heart lying beneath. Elliot’s pretty shy but they love to share their knowledge of all things relating to Australian privacy law.
With their razor-sharp beak and mind like a steel trap, our sneaky magpie Mal is always up to something. They’ve been known to craft ransomware attacks and use social engineering tricks to gain unauthorized access to systems. Be sure to watch your back when this bird is around.