Going beyond compliance: How Secure Code Warrior empowered Netskope developers to code cloud solutions at scale
Background
Netskope, a global SASE leader, helps organizations apply zero trust principles and AI/ML innovations to protect data and defend against cyber threats. Fast and easy to use, the Netskope platform provides optimized access and real-time security for people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity. Thousands of customers trust Netskope and its powerful NewEdge network to address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements.
Situation
The speed of innovation in cloud computing and A.I. has greatly accelerated the software development lifecycle. James Robinson - CISO at Netskope - recognized that the way of doing training for developers by meeting compliance objectives with videos about secure development in only a handful of languages was not sustainable in today’s market. Their rapid adoption and rapid change in his organization created a challenge in keeping Netskope developers up to speed on new languages and technologies, but also keeping them skilled at security.
Netskope attempted to create more custom connections to broaden the languages and coverage developers received, but the engagement was still very low and soon, the training began to challenge to productivity. James wanted to shift their approach so that developers were excited about the subject through more hands-on learning approaches.
Action
Training that was done annually, or available ad-hoc, didn’t holistically address the variety of SAST Tools, infrastructure as code scanners, and could be integrated into the CI and CD security steps at Netskope. Netskope needed to be able to integrate developers’ participation in security into the analysis and testing process. That provided a baseline for secure development education that supplemented their compliance requirements.
Shift left
As Netskope began discussing “shift left”, it begged the question - what does shift left actually mean? How far does one need to shift? Leadership made the decision to change the name internally to “self-service adoption”. What this did, in principle, was empower developers to be proactive about their secure code education. In working with Secure Code Warrior, they built a program that made security content visible and accessible to developers so they wouldn’t wander to unvetted solutions.
Actionability and value
The customizable content and a myriad of hands-on learning activities from Secure Code Warrior also opened the floor for more open, productive conversations between security and developer teams. When developers began realizing value, outside of just achieving compliance, they became more engaged and intrigued about security. It also opened up the opportunity to look at critical and recurring vulnerabilities in order to create more educational content to supplement their program.
Results
After rolling out their program, Netskope was diligent in collecting feedback from developers to ensure they were getting the most value from the platform. The results were overwhelmingly positive.
According to James Robinson, CISO at Netskope:
Our developer team, thanks in large part to Secure Code Warrior’s platform, has successfully shifted left by embracing a more enticing, self-service learning approach that gets learning pathways into the developers’ hands sooner. More importantly, we feel we’re getting a better return on investment with our developer educational training efforts because of higher participation and the fact that these efforts no longer feel like they’re a check-the-box, compliance mandated activity. The byproduct of all of this is that we’re enabling our developers to be security champions.”
Key takeaways
- Organizations that do not invest in a strong application security team allow for more risk to be introduced through their code. This ultimately wastes both time and money fixing vulnerabilities and addressing security issues.
- Take advantage of a program that helps save time with just a couple of key-learnings every month through relevant content, rather than a hour-long compliance oriented annual training. The time saved through educating developers will manifest in the reduction of rework needed to fix vulnerabilities that shouldn’t have been introduced in the first place.
- There is a new mandate to code cloud solutions at scale. Years ago, there was an expectation to get developers fully invested in securing code through one programming language. That is no longer the case in today’s high-tech marketplace. You need to pick multiple languages that align best to the cloud infrastructure and applications a company wants to build out and pursue.
This case study explores how Netskope transformed developer security education with Secure Code Warrior, empowering their developers to be proactive, engaged security champions.
Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.
Book a demo
Background
Netskope, a global SASE leader, helps organizations apply zero trust principles and AI/ML innovations to protect data and defend against cyber threats. Fast and easy to use, the Netskope platform provides optimized access and real-time security for people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity. Thousands of customers trust Netskope and its powerful NewEdge network to address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements.
Situation
The speed of innovation in cloud computing and A.I. has greatly accelerated the software development lifecycle. James Robinson - CISO at Netskope - recognized that the way of doing training for developers by meeting compliance objectives with videos about secure development in only a handful of languages was not sustainable in today’s market. Their rapid adoption and rapid change in his organization created a challenge in keeping Netskope developers up to speed on new languages and technologies, but also keeping them skilled at security.
Netskope attempted to create more custom connections to broaden the languages and coverage developers received, but the engagement was still very low and soon, the training began to challenge to productivity. James wanted to shift their approach so that developers were excited about the subject through more hands-on learning approaches.
Action
Training that was done annually, or available ad-hoc, didn’t holistically address the variety of SAST Tools, infrastructure as code scanners, and could be integrated into the CI and CD security steps at Netskope. Netskope needed to be able to integrate developers’ participation in security into the analysis and testing process. That provided a baseline for secure development education that supplemented their compliance requirements.
Shift left
As Netskope began discussing “shift left”, it begged the question - what does shift left actually mean? How far does one need to shift? Leadership made the decision to change the name internally to “self-service adoption”. What this did, in principle, was empower developers to be proactive about their secure code education. In working with Secure Code Warrior, they built a program that made security content visible and accessible to developers so they wouldn’t wander to unvetted solutions.
Actionability and value
The customizable content and a myriad of hands-on learning activities from Secure Code Warrior also opened the floor for more open, productive conversations between security and developer teams. When developers began realizing value, outside of just achieving compliance, they became more engaged and intrigued about security. It also opened up the opportunity to look at critical and recurring vulnerabilities in order to create more educational content to supplement their program.
Results
After rolling out their program, Netskope was diligent in collecting feedback from developers to ensure they were getting the most value from the platform. The results were overwhelmingly positive.
According to James Robinson, CISO at Netskope:
Our developer team, thanks in large part to Secure Code Warrior’s platform, has successfully shifted left by embracing a more enticing, self-service learning approach that gets learning pathways into the developers’ hands sooner. More importantly, we feel we’re getting a better return on investment with our developer educational training efforts because of higher participation and the fact that these efforts no longer feel like they’re a check-the-box, compliance mandated activity. The byproduct of all of this is that we’re enabling our developers to be security champions.”
Key takeaways
- Organizations that do not invest in a strong application security team allow for more risk to be introduced through their code. This ultimately wastes both time and money fixing vulnerabilities and addressing security issues.
- Take advantage of a program that helps save time with just a couple of key-learnings every month through relevant content, rather than a hour-long compliance oriented annual training. The time saved through educating developers will manifest in the reduction of rework needed to fix vulnerabilities that shouldn’t have been introduced in the first place.
- There is a new mandate to code cloud solutions at scale. Years ago, there was an expectation to get developers fully invested in securing code through one programming language. That is no longer the case in today’s high-tech marketplace. You need to pick multiple languages that align best to the cloud infrastructure and applications a company wants to build out and pursue.
Background
Netskope, a global SASE leader, helps organizations apply zero trust principles and AI/ML innovations to protect data and defend against cyber threats. Fast and easy to use, the Netskope platform provides optimized access and real-time security for people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity. Thousands of customers trust Netskope and its powerful NewEdge network to address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements.
Situation
The speed of innovation in cloud computing and A.I. has greatly accelerated the software development lifecycle. James Robinson - CISO at Netskope - recognized that the way of doing training for developers by meeting compliance objectives with videos about secure development in only a handful of languages was not sustainable in today’s market. Their rapid adoption and rapid change in his organization created a challenge in keeping Netskope developers up to speed on new languages and technologies, but also keeping them skilled at security.
Netskope attempted to create more custom connections to broaden the languages and coverage developers received, but the engagement was still very low and soon, the training began to challenge to productivity. James wanted to shift their approach so that developers were excited about the subject through more hands-on learning approaches.
Action
Training that was done annually, or available ad-hoc, didn’t holistically address the variety of SAST Tools, infrastructure as code scanners, and could be integrated into the CI and CD security steps at Netskope. Netskope needed to be able to integrate developers’ participation in security into the analysis and testing process. That provided a baseline for secure development education that supplemented their compliance requirements.
Shift left
As Netskope began discussing “shift left”, it begged the question - what does shift left actually mean? How far does one need to shift? Leadership made the decision to change the name internally to “self-service adoption”. What this did, in principle, was empower developers to be proactive about their secure code education. In working with Secure Code Warrior, they built a program that made security content visible and accessible to developers so they wouldn’t wander to unvetted solutions.
Actionability and value
The customizable content and a myriad of hands-on learning activities from Secure Code Warrior also opened the floor for more open, productive conversations between security and developer teams. When developers began realizing value, outside of just achieving compliance, they became more engaged and intrigued about security. It also opened up the opportunity to look at critical and recurring vulnerabilities in order to create more educational content to supplement their program.
Results
After rolling out their program, Netskope was diligent in collecting feedback from developers to ensure they were getting the most value from the platform. The results were overwhelmingly positive.
According to James Robinson, CISO at Netskope:
Our developer team, thanks in large part to Secure Code Warrior’s platform, has successfully shifted left by embracing a more enticing, self-service learning approach that gets learning pathways into the developers’ hands sooner. More importantly, we feel we’re getting a better return on investment with our developer educational training efforts because of higher participation and the fact that these efforts no longer feel like they’re a check-the-box, compliance mandated activity. The byproduct of all of this is that we’re enabling our developers to be security champions.”
Key takeaways
- Organizations that do not invest in a strong application security team allow for more risk to be introduced through their code. This ultimately wastes both time and money fixing vulnerabilities and addressing security issues.
- Take advantage of a program that helps save time with just a couple of key-learnings every month through relevant content, rather than a hour-long compliance oriented annual training. The time saved through educating developers will manifest in the reduction of rework needed to fix vulnerabilities that shouldn’t have been introduced in the first place.
- There is a new mandate to code cloud solutions at scale. Years ago, there was an expectation to get developers fully invested in securing code through one programming language. That is no longer the case in today’s high-tech marketplace. You need to pick multiple languages that align best to the cloud infrastructure and applications a company wants to build out and pursue.
Click on the link below and download the PDF of this resource.
Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.
View reportBook a demo
Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.
Book a demoBackground
Netskope, a global SASE leader, helps organizations apply zero trust principles and AI/ML innovations to protect data and defend against cyber threats. Fast and easy to use, the Netskope platform provides optimized access and real-time security for people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity. Thousands of customers trust Netskope and its powerful NewEdge network to address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements.
Situation
The speed of innovation in cloud computing and A.I. has greatly accelerated the software development lifecycle. James Robinson - CISO at Netskope - recognized that the way of doing training for developers by meeting compliance objectives with videos about secure development in only a handful of languages was not sustainable in today’s market. Their rapid adoption and rapid change in his organization created a challenge in keeping Netskope developers up to speed on new languages and technologies, but also keeping them skilled at security.
Netskope attempted to create more custom connections to broaden the languages and coverage developers received, but the engagement was still very low and soon, the training began to challenge to productivity. James wanted to shift their approach so that developers were excited about the subject through more hands-on learning approaches.
Action
Training that was done annually, or available ad-hoc, didn’t holistically address the variety of SAST Tools, infrastructure as code scanners, and could be integrated into the CI and CD security steps at Netskope. Netskope needed to be able to integrate developers’ participation in security into the analysis and testing process. That provided a baseline for secure development education that supplemented their compliance requirements.
Shift left
As Netskope began discussing “shift left”, it begged the question - what does shift left actually mean? How far does one need to shift? Leadership made the decision to change the name internally to “self-service adoption”. What this did, in principle, was empower developers to be proactive about their secure code education. In working with Secure Code Warrior, they built a program that made security content visible and accessible to developers so they wouldn’t wander to unvetted solutions.
Actionability and value
The customizable content and a myriad of hands-on learning activities from Secure Code Warrior also opened the floor for more open, productive conversations between security and developer teams. When developers began realizing value, outside of just achieving compliance, they became more engaged and intrigued about security. It also opened up the opportunity to look at critical and recurring vulnerabilities in order to create more educational content to supplement their program.
Results
After rolling out their program, Netskope was diligent in collecting feedback from developers to ensure they were getting the most value from the platform. The results were overwhelmingly positive.
According to James Robinson, CISO at Netskope:
Our developer team, thanks in large part to Secure Code Warrior’s platform, has successfully shifted left by embracing a more enticing, self-service learning approach that gets learning pathways into the developers’ hands sooner. More importantly, we feel we’re getting a better return on investment with our developer educational training efforts because of higher participation and the fact that these efforts no longer feel like they’re a check-the-box, compliance mandated activity. The byproduct of all of this is that we’re enabling our developers to be security champions.”
Key takeaways
- Organizations that do not invest in a strong application security team allow for more risk to be introduced through their code. This ultimately wastes both time and money fixing vulnerabilities and addressing security issues.
- Take advantage of a program that helps save time with just a couple of key-learnings every month through relevant content, rather than a hour-long compliance oriented annual training. The time saved through educating developers will manifest in the reduction of rework needed to fix vulnerabilities that shouldn’t have been introduced in the first place.
- There is a new mandate to code cloud solutions at scale. Years ago, there was an expectation to get developers fully invested in securing code through one programming language. That is no longer the case in today’s high-tech marketplace. You need to pick multiple languages that align best to the cloud infrastructure and applications a company wants to build out and pursue.
Table of contents
Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.
Book a demoDownloadResources to get you started
Turn Awareness Into Action This Cyber Awareness Month
This October, turn awareness into action. Make Cyber Awareness Month memorable for your developers with a high-impact, high-participation experience—led by Secure Code Warrior's Professional Services team.
Secure code training topics & content
Our industry-leading content is always evolving to fit the ever changing software development landscape with your role in mind. Topics covering everything from AI to XQuery Injection, offered for a variety of roles from Architects and Engineers to Product Managers and QA. Get a sneak peak of what our content catalog has to offer by topic and role.
Quests: Industry leading learning to keep developers ahead of the game mitigating risk.
Quests is a learning platform that helps developers mitigate software security risks by enhancing their secure coding skills. With curated learning paths, hands-on challenges, and interactive activities, it empowers developers to identify and prevent vulnerabilities.
Resources to get you started
Is Vibe Coding Going to Turn Your Codebase Into a Frat Party?
Vibe coding is like a college frat party, and AI is the centerpiece of all the festivities, the keg. It’s a lot of fun to let loose, get creative, and see where your imagination can take you, but after a few keg stands, drinking (or, using AI) in moderation is undoubtedly the safer long-term solution.
The Decade of the Defenders: Secure Code Warrior Turns Ten
Secure Code Warrior's founding team has stayed together, steering the ship through every lesson, triumph, and setback for an entire decade. We’re scaling up and ready to face our next chapter, SCW 2.0, as the leaders in developer risk management.
Developer-driven coding.
Securely.
Contact us today and make software security an intrinsic part of your development process.
