It takes a village: How community spirit creates more secure developers
The phrase "it takes a village" is an old African proverb, spanning many diverse African cultures, dialects, and geographical locations. While the language used to convey this pearl of wisdom may be different, the sentiment is the same: it takes input from the entire community to create a safe, positive and enlightening environment to raise future generations into well-rounded adults.
This may seem like a long bow to draw, but truly, the developer community has thrived for decades on this very principle. The notion of the anti-social, "lone wolf" geek behind a computer is like most stereotypes: exaggerated and not the best way to learn how we operate. There are developers of all types, from all walks of life, and there has always been a sense of community in everything we do.
Long before the internet became the norm, we were on bulletin boards sharing tips, solving each other's problems and bickering over best practice (and, certainly on my side of the fence, working hard to break stuff). This sentiment hasn't changed. The internet is now a different beast, with more trolls under the bridge and a lot more noise, but a quick jump into places like Reddit and Stack Overflow will give you an immediate sense of willingness to help, camaraderie and a wealth of information.
However, one thing we could all help support is those real-world connections to people going through the same thing. There is a new layer of meaning when you interact in the real world, and facilitating an "IRL" community can accelerate knowledge sharing and clarification, and expand horizons in wonderful ways.
How does the developer community support security?
Organizations like OWASP are doing incredible work in the security community, with abundant free resources on vulnerabilities, news, and critical alerts. Offline, there are OWASP chapters in cities all over the world, hosting regular events for people to come together, talk security and share tips for making our software safer. It really is awesome, and to me, it's what the development community is all about.
One thing that these communities, whether online or in-person, help to address is the skills and knowledge gap amongst developers. Many experienced developers are only too happy to pass on information, help someone get started or point them in the right direction (any good Jedi knows they need to help a Padawan every now and then).
So, it's always a real treat when we get to partner with them to host things like secure coding tournaments. So far, we have supported meetups in Australia, England, India, and the USA, and I hope there are many more to come.
What does an OWASP tournament meetup look like? [Video: an OWASP tournament held in London at the iconic BBC studios]
These events certainly assist in building awareness, and this momentum can be utilized within organizations when they support these grassroots initiatives, introduce fully-fledged secure coding training, and commit to operating with a positive security culture.
How do gamification and tournaments help create more secure developers?
OWASP meetups are built around socializing, sharing knowledge and discussing ideas with a wide range of security-aware individuals. However, for those who are new to security (or don't yet have an interest in it), these events may go unnoticed.
When organizations play an active role in building security awareness and sparking real interest among the developer cohort, it can have the positive flow-on effect of instilling a lifelong quest for security knowledge, the kind we need to get everyone more serious about coding securely.
Typical training methods are rarely a huge motivator (think sitting in a classroom while your day job tasks pile up, or trying to stay awake watching endless videos), but igniting a sense of competition and fun and gamifying the process can make learning far less of a chore. Gamified learning methods make technical (and, at times, dry) knowledge far more digestible, breaking it into smaller chunks that are contextual and memorable, and that encourage repeat learning. Secure Code Warrior was built on a foundation of accessibility, allowing developers to keep adding to their previous learnings step-by-step, in a way that speaks to their creativity and general instinct to solve problems.
Assessments help to keep everyone on track and identify areas for improvement, but a secure coding tournament can serve as a catalyst for organizational security awareness and positive change, as well as a way for participants to show off their robust skills. After all, when you see a tournament leaderboard updating in real-time, you're motivated to keep pushing for more points and really show off your security prowess.
What does a successful tournament look like?
The aim of our meetups with OWASP is always to invest in the ongoing health of the security community, helping them to promote the concept that learning about security can actually be fun.
Secure coding tournaments are a no-brainer when it comes to engaging developers, helping them to hone and realize their skills in a social environment with like-minded individuals. They assist in breaking down the artificial walls that may exist around the idea of "security", perhaps from a less-than-pleasant experience in work or education.
A truly great tournament typically consists of the following:
- A little bit of fanfare around the organization; let people outside of the development teams know what is happening and why
- An environment free of judgment, supporting developers at all levels
- A few special perks; order some food and drinks, give it a theme and encourage self-expression
- Rewards and recognition; us developers love swag, and neat prizes for winners are a bonus: remember, your future security champions might be unearthed during this process
- A sense of community and camaraderie.
We are becoming a DevSecOps world, and with security finally coming into focus from the very beginning of software development projects, developers need to be engaged early with effective training. They are integral to shielding an organization from vulnerabilities from the moment code is being written, and in a thriving security culture, everyone can rest a little easier.
Chief Executive Officer, Chairman, and Co-Founder
Pieter Danhieux is a globally recognized security expert, with over 12 years' experience as a security consultant and 8 years as a Principal Instructor for SANS teaching offensive techniques on how to target and assess organizations, systems and individuals for security weaknesses. In 2016, he was recognized as one of the Coolest Tech people in Australia (Business Insider) and awarded Cyber Security Professional of the Year (AISA - Australian Information Security Association). He holds GSE, CISSP, GCIH, GCFA, GSEC, GPEN, GWAPT, GCIA certifications.