Stories, Retention and Recall: Learning to Look Ahead

November 23rd, 2016 / Topics: Product Stream


It still shocks me how many companies gamble that “it won’t happen to us” when it comes to learning security. (This is also known as the “Well, we haven’t been hit yet, so we’ll just go on pretending attacks won’t happen to us” technique or the “La la la I can’t hear you” strategy.) It’s a gamble with terrible odds, where nobody wins, and the best outcome you can hope for is to break even or lose.

It Still Happens Every Day

This born-and-bred Boston guy took a trip to Orlando last month. But I wasn’t hanging out at Disney World for R+R; instead, I was hanging out at one of the largest gatherings of industry training professionals at Masie’s Learning 2016 conference.

My favorite part of all conferences is the time between sessions: those minutes when everyone converges near those little stands with the paper cups of black gold. It’s an opportunity I love because everyone’s brain is buzzing and active from the session they were just in. (Initial takeaway: October in Florida is a whole different animal than October in Massachusetts: you won’t find conference goers in the Back Bay making convo by the pool in the evening hours. In Orlando, some of our best collaborating happened there.)

Overstimulated by caffeine and ideas, I chatted up my neighbor at the coffee station as I dumped a splash of milk into my coffee. We chatted about the sessions (of course), where we’re from, where we work, and what kind of training we do. I explained that I work at Codiscope, where we develop security training for developers that helps them write more secure code. He nodded blankly, so I clarified: “You know, for the people who write code for apps and websites and services. The training we produce helps them keep your personal information secure from bad guys.” That gets through.

His expression was one I’ve seen dozens of times: that look that’s a combination of revelation, shame, and impending doom, that look that says “We don’t, well, we sort of do security training, I know we should, but I can’t get anyone to put a priority on it.”

By the end of day one at Masie’s, I knew I was on a research mission with my one-question questionnaire. I must have asked 30 people throughout the three days of sessions the same exact question. With one exception, everyone I asked had the same approximate answer as my coffee pal. That one exception, though, said his company does do security training of some sort for everyone in the company. “Whoa, awesome!” I said. “So how did you work that miracle?”

He told me his cautionary tale. “A year ago, one of our cloud service providers got DDoS’ed, and it took down services for all of our 200-plus customers. Once we realized it wasn’t us directly who was attacked, we communicated that to our customers. But we realized that we were not prepared for this kind of incident.”

The moral of his story was one that’s quite common: only after a serious incident occurred did they attempt to prevent further problems. One year later, they still refer darkly to the DDoS attack as “The Incident.”

In other words, most companies are living in a reactive state.

Moving from Reactive to Proactive Learning

So how to proactively learn security (or learn security at all)? The answer is to empower your employees to become continuously tactical in their day-to-day operations when it comes to security.

Yes, I said it: continuously tactical. What does this actually mean? Let’s break it down.

“Tactical” here refers to the in-the-moment, on-the-job opportunities to fix your behavior and learn from your actions — a “fix the problem in front of my face first” mentality. At Codiscope, Jacks is this tactical learning tool for developers. The guidance and patches that Jacks produces after a code scan act as an encyclopedia of on-the-job training aids that can help developers fix immediate problems. This is Jacks at present.

“Continuously” is where developers can start to become proactive, and expand and tie their in-the-moment learning spikes to more in-depth levels of application and discovery. Codiscope’s eLearning offerings address the “continuously” part of the equation by giving pragmatic, topical education and training on language- and technology-centric topics. This is Jacks’ future.

Of course the real magic starts when you put these two great tastes together: the power to immediately fix the issues in front of me PLUS the in-depth training that will give me the edge over time — continuous and tactical. Oh sure, they’re both great separately, but put them together and you’ve got the proverbial Reese’s Peanut Butter Cup of developer goodness. Jacks identifies and fixes your problems now, but also points you to related training you can use to expand your knowledge and avoid the same problems in the future. eLearning alone provides an excellent body of knowledge, but when a developer is able to put that knowledge to the test in a real, personal, on-the-job scenario, the opportunity for long-term retention and recall increases dramatically.

It’s a cycle: one side feeds on the other, and back again. This is what continuous learning is about. The ability to relate (through stories and analogies), reflect (through assessment), and apply (with Jacks) the knowledge in the training to your own work exponentially increases the likelihood of knowledge retention.

Our training is designed with this in mind: the prevention of knowledge oozing out your ears and evaporating. Our goal is to help developers discover more about the code they write, fix problems that arise, and maintain constant vigilance and curiosity to keep their code secure.

Stay tuned for more exciting experiences in learning from Codiscope.

Learning Experience Designer

Matt is a practicing media designer, educator and overall champion for the learner. Matt comes to the Codiscope team from the academic world, and has taught and designed courses for nearly ten years in visual arts programs at colleges and universities. At Codiscope, Matt advocate

Read more by Matt White