


About patterns & practices Security Training Modules

Here are some of the key design intents and thinking for the pilot.

Purpose

* Provide the training to help make the p&p security guidance mainstream
* Improve training delivery by acknowledging customers need self-paced and short-burst (small, modular blobs)
* Improve the consumption of training by decreasing time commitment and making it easier to consume (e.g. podcast, nuggets over long web casts, or …)
* Improve the value of training by using real-world samples and code you can use to get your job done
* Improve the credibility of training by using name-brand folks and thoughtful results/outcomes

User Experience

You see a link to Training. You suspect the training falls short due to one or more of the following …
* Monolithic blobs of media or content that you have no single chunk of time for
* Folks that don’t know what they’re talking about
* Academic samples and solutions
* No valuable skills to walk away with

You decide to click the link anyway. To your surprise, you see the following:
* A simple list of consumable modules
* Name brand folks
* Real-world guidance, backed by proven practice
* Sanctioned by p&p

The list of modules might look something like this …
ASP.NET 2.0
* Input and Data Validation
* Authentication
* Authorization

Under each topic, you see the following consistent set of individual modules:
* Objectives. A list of task-based things you will be able to do (e.g. real-world problems, protect a connection string, use reg expressions to validate input … etc.)
* Slides. A slide overview of the topic
* Demo. A quick demo of the task.
* Modular Labs (1 or more short labs per topic) -- self-paced, can be done in 20 mins or less.
* Test Your Skills.
* Recommended Guidance. (links to key guidance)
* Additional Resources. PodCast, relevant Web cast, Nugget, and guidance

Modules will optimize for dev-time so you can make stuff work on your box, but will call out key Deployment/Production Considerations, such as the RSA provider in a Web Farm scenario.

Musts and Must Nots


Must
* Modular (e.g. Module per end-to-end task)
* 20 minute chunks max. Hands-on labs should be executable in 20 minutes or less (no 1+ hour labs)
* Focused modular labs around practical, real-world coding activities/tasks (e.g. connect to db, audit user, authenticate user using forms, authenticate user using Windows …etc.)
* Heavy on results/competence; light on theory
* Optimize for design time, but include Production/Deployment Considerations/Scenarios

Must Not
* Big blobs of media that require time commitments beyond 20 minute chunks. Multiple end to end tasks per module


Example Tree-View

* ASP.NET
  * Input and Data Validation
    * Objectives -- (1 page doc)
    * PPT overview of the topic (20 slides or less)
    * Flash Demo (5-10 minute demo)
    * Modular Lab (10 page doc)
    * Test Your Skills (1-2 page quiz)
    * Recommended Guidance (1 page)
    * Additional resources: (1 page)
  * Authentication
    * Objectives -- a quick list of things you'll be able to do (protect a connection string, use reg expressions to validate input … etc.)
    * PPT overview of the topic
    * Flash Demo
    * Modular Lab -- self-paced, can be done in 20 mins or less.
    * Test Your Skills
    * Recommended Guidance (links to key guidance)
    * Additional resources: PodCast, relevant Web cast, Nugget, and guidance
  * Authorization
    * Objectives -- a quick list of things you'll be able to do (protect a connection string, use reg expressions to validate input … etc.)
    * PPT overview of the topic
    * Flash Demo
    * Modular Lab -- self-paced, can be done in 20 mins or less.
    * Test Your Skills
    * Recommended Guidance (links to key guidance)
    * Additional resources: PodCast, relevant Web cast, Nugget, and guidance

Feedback

* Send mail to labmods at microsoft.com


