We know that tools alone don't fix security issues. It takes a combination of the right people, following the correct process, and utilizing your tooling appropriately to get a handle on security. We are very proud of the tools we make available, helping folks get a handle on secrets sprawl, leak and intrusion detection, and IaC security, and we are also happy to make multiple educational resources available to developers and security professionals.
Everyone learns at their own pace and in their own style. This is as true for the elementary school child as it is for the seasoned developer trying to use a new tool. Fortunately, at GitGuardian, we have the resources you need to learn how to get a handle on secrets sprawl, no matter your learning style. ## Different learning styles
While everyone learns their own way, most research supports that there are at least four common learning styles:
- Visual learning - Image and video-based content works best for this type of student.
- Aural learning - Listening to instructions works best for this type of learner.
- Reading/writing learning - Good documentation and taking notes help this type of learner retain information best.
- Kinesthetic learning - This type of learner needs hands-on experience to have the best results.
People also learn with different approaches, even when using the same material. For some, self-led exploration might be the easiest method, while others want an instructor to lead them through a set curriculum.
No wrong way to learn
Many people fall across multiple categories, which we can call multimodal. While you likely already know how you learn best, there are multiple online quizzes to help you determine what type of learner you might be.
It is important to remember there is no single 'correct' way to approach learning anything. Your results for learning anything depends on your experiences and situation. If you find yourself less than engaged by a document, a video might help you understand the concept better.
On the other hand, there are definitely some incorrect ways to handle secrets. If you are pasting them in plaintext into your code, CI/CD environments, ticketing systems, or messaging platforms, such as Slack, then it is time to take a closer look at how to manage secrets. GitGuardian has many great resources to help you on your path to eliminating secrets sprawl, no matter how you learn best. ## Visual learning
For folks who prefer video-based learning, we have the GitGuardian YouTube channel. Once you like and subscribe, you can find a playlist that best matches your investigation. If you are looking for a high-level overview of our offerings, you can check out the Product Demos playlist. These are a great introduction to the platform and tools to defeat secrets sprawl.
If you want to familiarize yourself with the individual features of the platform in very little time, try our Lighting Demos.
Some visual learners prefer static images instead of moving videos. For those folks, we have our Security Zine series. These infographics condense complex subjects into easily digestible pieces and give you a clear, high-level overview.
Learning by listening
For those who prefer to learn by listening, GitGuardian Developer Advocates covers a wide range of security topics in The Security Repo Podcast, available on Spotify, Apple Podcasts, and YouTube. Each episode features a new subject matter expert discussing an element of security they are passionate about. Subjects range from (legally) breaking into banks as a pentester to uncovering thousands of hardcoded secrets in PyPI packages.
Reading to learn
For many people, written text is their preferred way to gain knowledge. No matter what your experience level or goals with code security, GitGuardian has content to help you on your journey.
We invite you to dig into our documentation to make the most of the GitGuardian platform. We can guide you from creating your first account to remediating your first incident. We also have robust documentation on integrating with your repositories, your CI platforms, and preferred alerting systems, like Pagerduty.
Aside from the core platform, we also provide docs about:
- ggshield, the GitGuardian CLI.
- Infra as Code Security.
- Honeytoken - Our cyber deception tool for detecting leaks and intrusion in seconds.
- The GitGuardian Secrets Detection Engine - Explore in-depth how we detect and validate over 400 types of secrets.
And for folks who want to dig in on automation and add GitGuardian to your existing tooling, we have a full guide to using the GitGuardian API.
Aside from just writing about our platform and tools, we also have a lot of content on a myriad of other subjects on the GitGuardian Blog, where you might be reading this right now. While we do post product news and GitGuardian team members spotlight articles, we also make educational content available, like our Tutorials series, covering technical subjects like Open Policy Agent with Kubernetes and Handling Secrets with AWS Secrets Manager.We cover a wide range of security news items, too, such as breach analysis, taking a deeper look at how incidents like the ones at Uber or Toyota went down. Additionally, we cover what experts are saying about the evolution of security with our coverage of security and tech conferences.
Chances are, quickly browsing our blog will give you some valuable insights, no matter what you are working on.
For folks who want to get right to the facts and get simplified one-page explanations of various subjects, we have something for you, too. The GitGuardian Cheat Sheets are quick reference guides that can help you gain proficiency in subjects like using GitGuardian Honeytoken, understanding and following secure code review best practices, or how to use ggshield to avoid hardcoded secrets.
Everyone has to start somewhere when first learning about security. We are proud to have helped many individuals understand security fundamentals through our Learning Center. We cover topics such as secrets and secrets sprawl fundamentals and DevOps basics. We can help your team grasp concepts like Shifting Left and DevSecOps through these learning pages, which can be easily shared, helping you improve your whole organization's security knowledge.
Hands-on learning opportunities
Many people need practical experience with a tool or platform to fully understand certain concepts or workflows. We know that there are few things as exciting as downloading a new tool and poking around on your own to discover how things work. We also know that sometimes folks can learn much more if there is guidance and instruction to go with any technical interactions. We are proud to have options for both of these paths.
Facilitated learning opportunities
We have been proud to work with hundreds of developers, one-on-one and as a team, to guide them through workshops and exercises. Having a GitGuardian expert right there to help explain a tricky concept or help you get unstuck at a specific point can make all the difference. Organizations engage with us in a few different ways.
Hunt the Hacker CTF
We proudly offer a Hunt the Hacker Capture-the-Flag, CTF. This is an interactive experience based on a real-world blue teaming scenario, where participants use honeytokens to discover who and what is compromised and how to clean up their GitLab repositories. While originally developed for events such as AppSecVillage inside DEF CON and RSA, we can offer your team the chance to experience this firsthand. We can come onsite to facilitate or run the entire CTF remotely, depending on the circumstances.
If you want to engage with GitGuardian set up your own CTF, reach out at firstname.lastname@example.org.
Lunch and Learns
Sometimes, the best way to learn is with a full stomach. That is the whole idea behind our lunch and learn offerings. GitGuardian has a number of experts who can guide your team through a wide range of subjects while the team gathers in person or at their remote workstations to have a meal or an afternoon drink. We have given lunch and learn sessions to teams who wanted a deeper understanding of the problem of secrets sprawl and high-level insights into ever-evolving software supply chain security concerns. We can also dive deep into technical subjects like customizing and using ggshield at scale and automating honeytoken deployments with the API. If this sounds like a good fit for your team, please reach out to email@example.com
Self Guided Repos
While many folks benefit from some guidance, many others find trial and error and experimentation the best way to learn. You can find multiple repositories on the GitGuardian GitHub page.
For those who want to experiment with ggshield against a test repository with known plaintext credentials throughout the git history, we offer sample secrets. This simple Python and JS-based repo can be quickly cloned and used to explore all the CLI commands, helping you gain confidence in the tool before looking for secrets in your repositories.
If you want to get a better understanding of how to automate with the GitGuardian API, we offer gitguardian-examples. This Jupyter Notebook-based experience walks through the major API calls and then offers a jumping-off point for creating your own automation with the platform'sis capabilities.
Learning safety at any speed
GitGuardian's commitment to addressing security challenges extends beyond providing powerful tools. Hopefully, this article has helped you find your way to our resources and discover what we have to offer. No matter if you are a visual, aural, reading/writing, or kinesthetic learner or somewhere in between, we have something to help you on your security journey.
Whether through informative videos on the GitGuardian YouTube channel, engaging podcasts like The Security Repo, comprehensive documentation, or insightful blog posts, GitGuardian ensures there's no wrong way to learn about securing digital secrets. We would love to work with you for hands-on learning via our CTF or Lunch and Learn opportunities. Reach out today at firstname.lastname@example.org to start the conversation.