SecureFlag, an online training platform that applies new methodologies for the development of safe and new generation software, enters the GELLIFY portfolio; GELLIFY, in turn, is a B2B innovation platform that selects, invests and makes innovative start-ups, which are characterised by a high technological content, grow, by connecting them to traditional companies with the goal of innovating their processes, products and business models.
SecureFlag was established in London in 2020 by Emilio Pinna, IT engineer with a consolidated experience in the field of offensive security and adversary emulation in the financial and banking sectors, together with Andrea Scaduto, IT engineer with a past experience in the field of cybersecurity applied to the finance, energy and telecommunications sectors. The latter has always measured himself with the needs and challenges of security in the business world, with a particular attention to the development of solutions aimed at reducing costs to solve security problems on a large scale.
The start-up was established and placed in a market context with wide potential, both in terms of perspectives and numbers. Cybersecurity in software development is considered a fundamental aspect in the business world: it is the basis for the loyalty of existing customers and one of the main sales levers for acquiring new ones. Furthermore, the costs, in the event of a breach of security, are huge, both in terms of penalties imposed by the regulatory bodies and of damage to reputation.
For these reasons, most companies, which operate in regulated sectors, provide their employees working in the field of software development and - more in general - to all the technical profiles with information security training. There are two consolidated types of specialist training in the field of IT security and applications. The first is frontal training with an instructor technician, who, if we look at the positive side, provides practical examples that facilitate learning. On the other hand, however, it has the strong limitation of having high costs and checks to be scheduled, which make it a training that is not sustainable to apply periodically. The second type is remote training, called Computer Based Training (CBT).
The Classic CBT provides training through a series of purely theoretical slides and animations without practical examples, which are necessary to understand the complexity of modern software and the different specialisations of the developers. Although with the advantage of being an economic solution to train tens of thousands of developers in large companies and multinationals, thus respecting the regulatory bodies, it has the limit of measuring the ROI (return on investment) with difficulty, because the checks are often based on multiple choice questions that are not adequate to measure whether the subjects, who are trained, are then able to apply the knowledge acquired concretely.
SecureFlag was created precisely to bridge the gaps in the two types of specialised training in the sector: it offers the market an online training platform for learning through new methodologies aimed at the development of safe software solutions. The platform offers practical exercises in real development environments, created on request in a few seconds and accessible through the web. On the one hand, it offers a free platform with limited functionality and, on the other, a SaaS (Software as a Service) platform for companies and organisations.
Simulations of real development environments, interactive and 'gamified' training, personalised practical exercises, training courses selectable by employees and certifications, simulations of cyber attacks in the internal communities of developers, individual and team result metrics as well as the measurable return on investment in training: these are all the features and functionality included in a single platform, which distinguish it from all the others present on the market. The SecureFlag gellification programme will involve all the areas of the organisation, with varying degree and priority: from strategy to marketing, passing through the fiscal, legal and administrative support.