Beta online now: https://www.hacksplaining.com<p>There's a gap in the market for online security training aimed at developers. Most training companies focus on security awareness for regular employees (making sure your receptionist doesn't click on phishing emails) or infosec training for security professionals (learning how to perform penetration tests). Developers have to make do with books, blog posts, and online videos.<p>We've taken the most common security vulnerabilities and put together a series of interactive exercises that ask a developer to put themselves in the shoes of a hacker. Next, we show how to protect against these vulnerabilities with real code samples. Finally, we test developers on what they've learnt.<p>The beta launched a few weeks ago and the feedback has been amazing. We hit the front page of reddit (300,000+ page views in one day) and have more than 13,000 sign-ups so far. Our users are consistently telling us the same thing: they have always worried there is a gap in their security knowledge but have generally been too embarrassed to bring it up to their boss.<p>Getting into YC will help us grow the site into a real product. We have a couple of big security firms interested in working with us and a lot of enquiries about the premium version (which will allow employers to invite and track their employees' progress through the course). There's clearly an appetite for the product, and we want to build a business out of it!<p>If you have any questions or feedback, we'd love to hear from you. :-)
This sounds similar to Safelight (now, I guess, "Security Innovations"):<p>https://www.securityinnovation.com/<p>They were quite successful with online security training, and companies will pay for it.<p>So my questions, I guess, are:<p>* How do you stack up content-wise against something like Safelight?<p>* Who are you, and what's your pedigree? To a big extent, companies buying security CBT are buying a sort of stamp of approval for their process; how does your brand do that for them?<p>* Why do security firms want online training? That seems like a really tough vertical to sell this kind of training for (big security firms tend to sell training courses like these themselves, except on-site, at nosebleed prices).
Wow, I like this quite a bit. Your tutorials are very informative without making me feel talked-down to.<p>How will you get users? I can imagine doing distribution via company training programs or via people telling their coworkers/friends about it (or maybe something else?). One of these vectors is going to be better than the others. Given your success on Reddit it's possibly a viral product, but if so, you need to worry about retention - it'll be interesting to see if users keep coming back to learn more.
This seems like a useful service that could get traction, but I think you'll need to find other ways to monetize it than charging companies to track their employees' progress. There are a lot of companies that sadly don't care enough about security to consider paying for a service like this. I would explore other avenues, such as certification (targeted at developers entering the field), referrals to security firms (e.g., consultants or pen testers), and job boards/placement.