Every company is different, and training needs vary widely. You may need to get training done quickly for compliance reasons, or you may be lining HackEDU's training up with a wider effort, in which case these guidelines may not be relevant to you.
But in general, we recommend the following:
- Keep training to 2-4 lessons a month
- Spread training out throughout the year
- Start with the OWASP Top 10
- Don't include Challenges or "Public Vulnerability" walkthroughs until users have completed at least 5-6 lessons.