[T2.9: 35] Deliver role-specific advanced curriculum.
Software security training goes beyond building awareness (see [T 1 .1 Conduct software security awareness training]) by enabling students to incorporate security practices into their work. This training is tailored to cover the tools, technology stacks, development methodologies, and bugs that are most relevant to students. An organization could offer tracks for its engineers, for example: one each for architects, developers, operations, site reliability engineers, and testers. Tool-specific training is also commonly needed in such a curriculum. While perhaps more concise than engineering training, role-specific training is necessary for many stakeholders within an organization, including product management, executives, and others. In any case, the training must be taken by a broad enough audience to build the desired skillsets.