Cyber Security

Paysafe gets gamified secure coding training

QA's Cyber Security Director, Richard Beck, helped Paysafe to create a buzz around secure coding through gamified training.

Meet our client: Paysafe

Paysafe Group is a market leader with over 20 years of experience in payments. As a payment provider and payments company, Paysafe is heavily regulated. One of those regulations is the Payment Card Industry Data Security Standard (PCI DSS), a set of requirements to help protect cardholder data, taking into consideration the people, processes and technologies involved in payment card processing systems. It focuses on security management, policies, procedures, system configurations and secure software design.

The challenge:

To stay within the regulations, Paysafe needed to ensure their teams always start and maintain the right skills and training levels. Paysafe’s coding team required application security skills at any time and was geographically spread over global locations and time-zones.

They also wanted to create an internal buzz around secure coding and to embed secure software development practices as part of their culture. This was important for differentiating their service but also for attracting and retaining the best developers. Paysafe’s L&D team came up with the idea and then set out to find a training partner that could help shape and deliver their vision.

Paysafe were previously working with multiple vendors to provide the training their teams needed on a large portfolio of technical skills. They were looking for one partner that would have the breadth of technical training in one place, making the process much easier and more efficient.

With their teams needing to undertake so much training, they were also looking for partners and training that would increase their team’s engagement as well as enhancing their skills.

"We were looking to upgrade our programme and to make it more interactive, more engaging and more valuable for our teams. Because there are many different challenges from all sides and we have people who work on different technology, a one-size fits all approach wouldn’t work.

"It's not simply training, but the motivation to go further. We are going to introduce different certification programmes and leaderboards and constantly communicate about the top people achieving these results."

– Emil Minev, Senior L&D Consultant & Programme Manager at Paysafe Group

The solution:

Through QA, Paysafe discovered the Secure Coding Programme and working with Richard Beck, QA’s Director of Cyber Security, we created the complete learning journey for their teams. Paysafe’s Blended Secure Coding programme launched in February 2022 with hundreds of developers participating world-wide. The initial gamified challenge tournament, using the Secure Code Warrior platform, sets the bar and establishes a baseline for the organisation and the teams taking part.

Gamification provides an engaging learning environment for the software community that increases their knowledge retention rates, allows individuals to gain instant feedback on tasks completed or areas that need more attention, and provides a clear sense of learning accomplishments. The on-demand platform provides an easy-to-access, anytime-anywhere learner resource linked to code repository and project-based tooling.

The programme further included virtual application security workshops throughout, focusing on OWASP top ten intermediate skill sessions, DevSecOps and advanced application security workshops, including defensive coding techniques.

This human interaction supports the many different types of learning styles with contextualised delivery, teaching real-world pain points highlighted by the PaySafe information security teams.

The outcome: 

Paysafe were looking for a training partner that would help them add value to a mandatory training program. This was important to them, not just for their team’s development, but also to be able to show their clients the full picture of Paysafe’s values and performance level.

Paysafe’s top 10 business priorities included building awareness of skills, developing skills, and moving towards maturity to the point where skills development is embedded in the culture of the organisation, and there is focus on having a community of security champions.

QA’s offering has helped them move towards achieving these goals and we are continuing to work with Paysafe to increase engagement and the desire for individuals to move further through the process through different levels and thresholds.

"I would say this programme is beyond training. It is more around embedding transformation in the mindset of people, and this is exactly what we are looking for."
– Emil Minev, Senior L&D Consultant & Programme Manager at Paysafe Group