Skip to main content
All CollectionsHackEDU FAQsAdministration
How to Setup an Adaptive Training Plan
How to Setup an Adaptive Training Plan

This article describes how to create an Adaptive Training Plan for your developers

Rachel Yonan avatar
Written by Rachel Yonan
Updated over a week ago

Once you have setup a Data Integration, you can use an Adaptive Training Plan to use its vulnerability data to automatically assign relevant training to your developers.

To do this, sign in to your Admin Dashboard, and click on the "Training Plans" menu item.

Click the "Change Plan Type" button next to either your organizations default plan, or one of your team plans. This will bring up the Change Plan modal.

Select the "Use Adaptive Training Plan" option.

By default, adaptive plans assign the OWASP Top 10 as fallback lessons, so users will be required to finish these once a year. It will also default to assign 4 lessons per month and will take any organization data integrations into account that you've already setup.


Clicking on the blue arrow will take you to the settings page.

Here, you can change the training frequency, grace period, vulnerability refresh time, and required training.

Max Training Frequency

Change the training frequency to whatever number of lessons you want to assign either Bi-Weekly, Monthly, or Quarterly.

Grace Period

The grace period is the number of days after a user gets onboarded before their training can be considered "past due." This way, if you are using a "Monthly" training cycle and a user is onboarded right before the end of the month, they won't immediately be considered behind.

Vulnerability Refresh Time

If a new vulnerability is found through one of your integrations, the vulnerability refresh time is the number of days that need to have passed before a user is required to do another lesson covering that vulnerability.

For example, if a user does a SQL Injection lesson on January 1, and then a new vulnerability is found in your SAST/DAST tool on January 15, the user will only be assigned another SQL Injection lesson if your "Vulnerability Refresh Time" is less than 15 days.

We typically recommend a 45 day period.

Required Training

These lessons will be assigned no matter what vulnerability data is found in your data integrations. They can be changed by clicking the "Edit" button.

If "Timing" is set for these lessons, they will be assigned no matter what your Max Training Frequency" is set to.

The "Decay" time is how long a lesson counts as completed after completing it. So if the decay time is set to 365 days, a lesson will no longer be marked as complete after a year, and the user will be assigned that lesson again.

Did this answer your question?