Training plan | Fluid Attacks Help

Fluid Attacks maintains rigorous standards for its technical teams. The company runs a training plan that its talent must complete to ensure they have the essential skills in secure coding and application testing. Talent must send the certificates of completion they earn to the relevant staff. Additionally, Fluid Attacks offers a program to foster further professional development.

Pre-entry certification

Pentesters joining Fluid Attacks are required to complete a pre-entry certification to ensure that they meet the technical level demonstrated in the selection process. Fluid Attacks covers the full cost of two certifications related to web or mobile application testing. These certifications are chosen according to the talent's profile and must be obtained within a 45-day period.

Secure code training

At Fluid Attacks, it is mandatory for talent from the development and pentesting teams to complete training on several secure coding practices, thus fostering their capabilities for recognizing and avoiding common vulnerabilities.

Secure code training focuses on teaching individuals how to write code that is not only functional but also secure from different types of cyber threats. The main goal of this training is to ensure that software is developed with security as a key part of it. Also, by learning secure coding practices, individuals can identify vulnerable and noncompliant code more efficiently. Software development projects using this approach reduce their vulnerabilities, enhance their overall security posture, and promote a culture of strong application security.

Fluid Attacks uses the training course Developing Secure Software (LFD121) by The Linux Foundation, as its content covers important security topics that can be useful in Fluid Attacks' context.

Some of the topics are the following:
  1. Security basics
  2. Secure design principles
  3. Reusing external software
  4. Input validation
  5. Processing data securely
  6. Threat modeling
  7. Cryptography

Code review training

Fluid Attacks’ pentesters are encouraged to complete code review exercises in different programming languages. The goal is to provide in-depth, continuous code review training with real vulnerabilities.

Fluid Attacks has chosen PentesterLab as its code review training provider. PentesterLab provides a comprehensive and up-to-date list of exercises that are based on real-world scenarios.

Further training

Additionally, in line with fostering a culture of continuous learning and professional development, all talent has voluntary access to Fluid Attacks' Certification Hub program. Through it, they can apply for support to access additional industry-related certifications they are interested in. This helps individuals pursue specialized knowledge and enhance their expertise beyond the initial training requirements. Moreover, all talent completes awareness training that recurs every six months.

Compliance training

Fluid Attacks mandates that all employees in compliance-related roles undergo essential training on standards and regulations. This privacy and security role training is crucial for legal compliance and the accurate fulfillment of critical obligations. The topics covered in the training are applied according to each role's responsibilities.

The training chosen to comply with the requirements below consists of:
  1. Diploma in GDPR and Data Protection
  2. Data Protection Officer Training

Incident Manager

  1. Privacy incident response and breach assessment
  2. 72-hour breach notifications (GDPR Article 33-34)
  3. Data subject alerts and cross-border coordination
  4. Evidence collection and containment measures

Data Protection Officer (DPO)

  1. Complete GDPR and ISO 27701 PIMS framework
  2. Data subject rights and DPIA methodology
  3. Supervisory authority liaison
  4. International transfers and privacy by design
  1. Legal basis assessment and EU data protection law
  2. Data processing contracts
  3. Regulatory enforcement and policy development
  4. Third-party agreements and cross-border transfers

Information Security and Privacy Leader

  1. Strategic PIMS and ISMS implementation
  2. Multi-standard compliance (ISO 27001, ISO 27701, GDPR)
  3. Accountability frameworks and governance
  4. Executive reporting and regulatory relationships