Over the years, Discover Financial Services (DFS) has invested significant capital and resources in the upskilling and career development of our technology workforce, to not only attract but to retain and reward the best talent in a competitive market. From conference participation and professional memberships to creating a more robust Patent & Innovation Program, to the launch of our external facing Discover Technology Experience (DTE) and internal facing Discover Technology Academy (DTA) platforms, the company routinely analyzes and leverages a diverse array of options to support and empower technologists.
Recently, we uncovered a new opportunity to deliver even greater value to our tech workforce, that not only impacts more employees but helps save money and better aligns with Discover’s ways of working. In late 2023 we rolled out the company’s first homegrown professional certification program around Application Security, to increase and accelerate technical competencies in the critical area of cybersecurity. Over 30 employees have completed the intensive multi-week program and received the DFS Certified Application Security Professional Certification to date, and many others are currently achieving this designation.
"Having participated in both the external and internal Application Security Professional Certification trainings, it’s safe to say the in-house curriculum went far and above what the vendor training offered in terms of structure, information covered, attention to detail and more." – Yoga Sanjeeva Kumar, Senior Application Security Analyst
The move towards an in-house certification program arose following several years of outside collaboration and partnerships that saw constrained engagement and a lack of DFS alignment that hindered upskilling growth. The team overseeing the training partnership saw notable gaps and began developing a stronger program that resulted in the following immediate benefits:
- Larger number of potential participants by accepting multiple fields within technology (i.e., architects, engineers, analysts) and not just application developers
- Broadened training courses to not only include industry best practices and focus but also more advanced topics and greater alignment with DFS standards, requirements, and guidelines on application security
- Move to a more cost-effective training structure by developing and facilitating in-house
The longer-term implications that this in-house certification program is expected to produce include a heightened compliance focus around application security development/management, greater emphasis on a shift-left operating approach in the product delivery lifecycle to identify risk and vulnerabilities further in advance, and the continued investment in employees’ technical growth to ensure they’re at or above par with industry level external certifications.
So, where do we go from here? Well, based on the initial success and potential of our first in-house certification, we plan on expanding the scope to roll out new internally developed certification programs in the near future while continuing to experiment and improve what we have in place right now. We see significant value in bringing more training in-house to expand the audience scope, increase alignment with DFS standards, and reduce costs even further, while also helping employees earn professional education hours toward their respective industry certifications.