SnykSec for Snyk

Posted on • Originally published at snyk.io

Snyk Learn and the NIST Cybersecurity Framework (CSF)

NIST (National Institute of Standards and Technology) recently released its revamped cybersecurity framework (CSF), aptly called NIST CSF 2.0. The CSF previously had five functions: Identify, Protect, Detect, Respond, and Recover. With 2.0, there is now a sixth: Govern. While Snyk plays an important role in application security and governance, in this blog, we're going to look at the function Snyk Learn plays in CSF 2.0: Protect.

CSF 2.0: Protect

The CSF has a specific category within Protect called Awareness and Training (PR.AT). Many organizations that adopt this voluntary framework will spend their resources fulfilling this category by adopting tools or training for all employees to level up their cybersecurity skills and knowledge. Topics such as strong passwords, phishing attacks, and ransomware will be discussed. Having a baseline of cybersecurity knowledge within an organization will certainly help protect data and privacy. In fact, it has been shown that security awareness training within an organization will reduce successful phishing attacks.

But rather than focus on end-user attacks, Snyk Learn takes a developer-focused approach to security training. Instead of covering phishing attacks, Snyk Learn covers specialized cybersecurity topics such as SQL injection, cryptography, server-side request forgery (SSRF), and more. These topics are crucial for developers to know in order for them to reach a baseline of current cybersecurity knowledge within their domain. The goal of Snyk Learn is to help developers build security into their applications from the start so there are fewer attack opportunities in production.

Not all employees need to understand cybersecurity from the developer's perspective. A new employee in marketing won’t benefit from training on memory leaks. However, a junior developer who recently graduated with a Computer Science degree may not have the necessary knowledge to prevent insecure code from making its way into production.

Training is a key to security adoption

Developer training should not be overlooked when adopting a cybersecurity framework for your organization. Snyk helps you empower developers with foundational security knowledge on how to avoid common vulnerabilities, so teams can embed security earlier in the SDLC and reduce risk across the business. 

Snyk Learn, our developer-first cybersecurity education platform, is aligned with the NIST National Initiative for Cybersecurity Education (NICE) Framework. We provide a comprehensive and standardized approach to cybersecurity education that equips learners with the knowledge, skills, and abilities required for a successful career in the cybersecurity industry.

Take one of our free, on-demand classes today or settle in and finish an entire learning path this week. Here are some options you may enjoy:

Beyond developer security education, the Snyk developer security platform also supports 10+ compliance standards — including NIST, CIS Benchmarks for AWS, Azure, and Google Cloud, SOC 2, PCI-DSS, ISO 27001, HIPAA, and more. Through continuous monitoring across your cloud/IaC environments and ongoing mapping to industry benchmarks and compliance standards, Snyk provides meaningful evidence to help teams prepare for audit and achieve regulatory compliance.
