Case Studies

Going beyond compliance: How Secure Code Warrior empowered Netskope developers to code cloud solutions at scale

Published Nov 15, 2023

Background

Netskope, a global SASE leader, helps organizations apply zero trust principles and AI/ML innovations to protect data and defend against cyber threats. Fast and easy to use, the Netskope platform provides optimized access and real-time security for people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity. Thousands of customers trust Netskope and its powerful NewEdge network to address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements.

Situation

The speed of innovation in cloud computing and A.I. has greatly accelerated the software development lifecycle. James Robinson - CISO at Netskope - recognized that the way of doing training for developers by meeting compliance objectives with videos about secure development in only a handful of languages was not sustainable in today’s market. Their rapid adoption and rapid change in his organization created a challenge in keeping Netskope developers up to speed on new languages and technologies, but also keeping them skilled at security.

Netskope attempted to create more custom connections to broaden the languages and coverage developers received, but the engagement was still very low and soon, the training began to challenge to productivity. James wanted to shift their approach so that developers were excited about the subject through more hands-on learning approaches.

Action

Training that was done annually, or available ad-hoc, didn’t holistically address the variety of SAST Tools, infrastructure as code scanners, and could be integrated into the CI and CD security steps at Netskope. Netskope needed to be able to integrate developers’ participation in security into the analysis and testing process. That provided a baseline for secure development education that supplemented their compliance requirements.

Shift left

As Netskope began discussing “shift left”, it begged the question - what does shift left actually mean? How far does one need to shift? Leadership made the decision to change the name internally to “self-service adoption”. What this did, in principle, was empower developers to be proactive about their secure code education. In working with Secure Code Warrior, they built a program that made security content visible and accessible to developers so they wouldn’t wander to unvetted solutions.

Actionability and value

The customizable content and a myriad of hands-on learning activities from Secure Code Warrior also opened the floor for more open, productive conversations between security and developer teams. When developers began realizing value, outside of just achieving compliance, they became more engaged and intrigued about security. It also opened up the opportunity to look at critical and recurring vulnerabilities in order to create more educational content to supplement their program.

Results

After rolling out their program, Netskope was diligent in collecting feedback from developers to ensure they were getting the most value from the platform. The results were overwhelmingly positive.

According to James Robinson, CISO at Netskope:

Our developer team, thanks in large part to Secure Code Warrior’s platform, has successfully shifted left by embracing a more enticing, self-service learning approach that gets learning pathways into the developers’ hands sooner. More importantly, we feel we’re getting a better return on investment with our developer educational training efforts because of higher participation and the fact that these efforts no longer feel like they’re a check-the-box, compliance mandated activity. The byproduct of all of this is that we’re enabling our developers to be security champions.”

Key takeaways

  • Organizations that do not invest in a strong application security team allow for more risk to be introduced through their code. This ultimately wastes both time and money fixing vulnerabilities and addressing security issues.
  • Take advantage of a program that helps save time with just a couple of key-learnings every month through relevant content, rather than a hour-long compliance oriented annual training. The time saved through educating developers will manifest in the reduction of rework needed to fix vulnerabilities that shouldn’t have been introduced in the first place.
  • There is a new mandate to code cloud solutions at scale. Years ago, there was an expectation to get developers fully invested in securing code through one programming language. That is no longer the case in today’s high-tech marketplace. You need to pick multiple languages that align best to the cloud infrastructure and applications a company wants to build out and pursue.
Download PDF
View Resource
Download PDF
View Resource

This case study explores how Netskope transformed developer security education with Secure Code Warrior, empowering their developers to be proactive, engaged security champions.

Interested in more?

Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.

Book a demo
Share on:
Author
Published Nov 15, 2023

Share on:

Background

Netskope, a global SASE leader, helps organizations apply zero trust principles and AI/ML innovations to protect data and defend against cyber threats. Fast and easy to use, the Netskope platform provides optimized access and real-time security for people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity. Thousands of customers trust Netskope and its powerful NewEdge network to address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements.

Situation

The speed of innovation in cloud computing and A.I. has greatly accelerated the software development lifecycle. James Robinson - CISO at Netskope - recognized that the way of doing training for developers by meeting compliance objectives with videos about secure development in only a handful of languages was not sustainable in today’s market. Their rapid adoption and rapid change in his organization created a challenge in keeping Netskope developers up to speed on new languages and technologies, but also keeping them skilled at security.

Netskope attempted to create more custom connections to broaden the languages and coverage developers received, but the engagement was still very low and soon, the training began to challenge to productivity. James wanted to shift their approach so that developers were excited about the subject through more hands-on learning approaches.

Action

Training that was done annually, or available ad-hoc, didn’t holistically address the variety of SAST Tools, infrastructure as code scanners, and could be integrated into the CI and CD security steps at Netskope. Netskope needed to be able to integrate developers’ participation in security into the analysis and testing process. That provided a baseline for secure development education that supplemented their compliance requirements.

Shift left

As Netskope began discussing “shift left”, it begged the question - what does shift left actually mean? How far does one need to shift? Leadership made the decision to change the name internally to “self-service adoption”. What this did, in principle, was empower developers to be proactive about their secure code education. In working with Secure Code Warrior, they built a program that made security content visible and accessible to developers so they wouldn’t wander to unvetted solutions.

Actionability and value

The customizable content and a myriad of hands-on learning activities from Secure Code Warrior also opened the floor for more open, productive conversations between security and developer teams. When developers began realizing value, outside of just achieving compliance, they became more engaged and intrigued about security. It also opened up the opportunity to look at critical and recurring vulnerabilities in order to create more educational content to supplement their program.

Results

After rolling out their program, Netskope was diligent in collecting feedback from developers to ensure they were getting the most value from the platform. The results were overwhelmingly positive.

According to James Robinson, CISO at Netskope:

Our developer team, thanks in large part to Secure Code Warrior’s platform, has successfully shifted left by embracing a more enticing, self-service learning approach that gets learning pathways into the developers’ hands sooner. More importantly, we feel we’re getting a better return on investment with our developer educational training efforts because of higher participation and the fact that these efforts no longer feel like they’re a check-the-box, compliance mandated activity. The byproduct of all of this is that we’re enabling our developers to be security champions.”

Key takeaways

  • Organizations that do not invest in a strong application security team allow for more risk to be introduced through their code. This ultimately wastes both time and money fixing vulnerabilities and addressing security issues.
  • Take advantage of a program that helps save time with just a couple of key-learnings every month through relevant content, rather than a hour-long compliance oriented annual training. The time saved through educating developers will manifest in the reduction of rework needed to fix vulnerabilities that shouldn’t have been introduced in the first place.
  • There is a new mandate to code cloud solutions at scale. Years ago, there was an expectation to get developers fully invested in securing code through one programming language. That is no longer the case in today’s high-tech marketplace. You need to pick multiple languages that align best to the cloud infrastructure and applications a company wants to build out and pursue.
Download PDF
View Resource
Download PDF
View Resource

Fill out the form below to download the report

We would like your permission to send you information on our products and/or related secure coding topics. We’ll always treat your personal details with the utmost care and will never sell them to other companies for marketing purposes.

Submit
To submit the form, please enable 'Analytics' cookies. Feel free to disable them again once you're done.

Background

Netskope, a global SASE leader, helps organizations apply zero trust principles and AI/ML innovations to protect data and defend against cyber threats. Fast and easy to use, the Netskope platform provides optimized access and real-time security for people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity. Thousands of customers trust Netskope and its powerful NewEdge network to address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements.

Situation

The speed of innovation in cloud computing and A.I. has greatly accelerated the software development lifecycle. James Robinson - CISO at Netskope - recognized that the way of doing training for developers by meeting compliance objectives with videos about secure development in only a handful of languages was not sustainable in today’s market. Their rapid adoption and rapid change in his organization created a challenge in keeping Netskope developers up to speed on new languages and technologies, but also keeping them skilled at security.

Netskope attempted to create more custom connections to broaden the languages and coverage developers received, but the engagement was still very low and soon, the training began to challenge to productivity. James wanted to shift their approach so that developers were excited about the subject through more hands-on learning approaches.

Action

Training that was done annually, or available ad-hoc, didn’t holistically address the variety of SAST Tools, infrastructure as code scanners, and could be integrated into the CI and CD security steps at Netskope. Netskope needed to be able to integrate developers’ participation in security into the analysis and testing process. That provided a baseline for secure development education that supplemented their compliance requirements.

Shift left

As Netskope began discussing “shift left”, it begged the question - what does shift left actually mean? How far does one need to shift? Leadership made the decision to change the name internally to “self-service adoption”. What this did, in principle, was empower developers to be proactive about their secure code education. In working with Secure Code Warrior, they built a program that made security content visible and accessible to developers so they wouldn’t wander to unvetted solutions.

Actionability and value

The customizable content and a myriad of hands-on learning activities from Secure Code Warrior also opened the floor for more open, productive conversations between security and developer teams. When developers began realizing value, outside of just achieving compliance, they became more engaged and intrigued about security. It also opened up the opportunity to look at critical and recurring vulnerabilities in order to create more educational content to supplement their program.

Results

After rolling out their program, Netskope was diligent in collecting feedback from developers to ensure they were getting the most value from the platform. The results were overwhelmingly positive.

According to James Robinson, CISO at Netskope:

Our developer team, thanks in large part to Secure Code Warrior’s platform, has successfully shifted left by embracing a more enticing, self-service learning approach that gets learning pathways into the developers’ hands sooner. More importantly, we feel we’re getting a better return on investment with our developer educational training efforts because of higher participation and the fact that these efforts no longer feel like they’re a check-the-box, compliance mandated activity. The byproduct of all of this is that we’re enabling our developers to be security champions.”

Key takeaways

  • Organizations that do not invest in a strong application security team allow for more risk to be introduced through their code. This ultimately wastes both time and money fixing vulnerabilities and addressing security issues.
  • Take advantage of a program that helps save time with just a couple of key-learnings every month through relevant content, rather than a hour-long compliance oriented annual training. The time saved through educating developers will manifest in the reduction of rework needed to fix vulnerabilities that shouldn’t have been introduced in the first place.
  • There is a new mandate to code cloud solutions at scale. Years ago, there was an expectation to get developers fully invested in securing code through one programming language. That is no longer the case in today’s high-tech marketplace. You need to pick multiple languages that align best to the cloud infrastructure and applications a company wants to build out and pursue.
Get Started

Click on the link below and download the PDF of this resource.

Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.

View reportBook a demo
Download PDF
View Resource
Share on:
Interested in more?

Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.

Book a demo
Share on:
Author
Published Nov 15, 2023

Share on:

Background

Netskope, a global SASE leader, helps organizations apply zero trust principles and AI/ML innovations to protect data and defend against cyber threats. Fast and easy to use, the Netskope platform provides optimized access and real-time security for people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity. Thousands of customers trust Netskope and its powerful NewEdge network to address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements.

Situation

The speed of innovation in cloud computing and A.I. has greatly accelerated the software development lifecycle. James Robinson - CISO at Netskope - recognized that the way of doing training for developers by meeting compliance objectives with videos about secure development in only a handful of languages was not sustainable in today’s market. Their rapid adoption and rapid change in his organization created a challenge in keeping Netskope developers up to speed on new languages and technologies, but also keeping them skilled at security.

Netskope attempted to create more custom connections to broaden the languages and coverage developers received, but the engagement was still very low and soon, the training began to challenge to productivity. James wanted to shift their approach so that developers were excited about the subject through more hands-on learning approaches.

Action

Training that was done annually, or available ad-hoc, didn’t holistically address the variety of SAST Tools, infrastructure as code scanners, and could be integrated into the CI and CD security steps at Netskope. Netskope needed to be able to integrate developers’ participation in security into the analysis and testing process. That provided a baseline for secure development education that supplemented their compliance requirements.

Shift left

As Netskope began discussing “shift left”, it begged the question - what does shift left actually mean? How far does one need to shift? Leadership made the decision to change the name internally to “self-service adoption”. What this did, in principle, was empower developers to be proactive about their secure code education. In working with Secure Code Warrior, they built a program that made security content visible and accessible to developers so they wouldn’t wander to unvetted solutions.

Actionability and value

The customizable content and a myriad of hands-on learning activities from Secure Code Warrior also opened the floor for more open, productive conversations between security and developer teams. When developers began realizing value, outside of just achieving compliance, they became more engaged and intrigued about security. It also opened up the opportunity to look at critical and recurring vulnerabilities in order to create more educational content to supplement their program.

Results

After rolling out their program, Netskope was diligent in collecting feedback from developers to ensure they were getting the most value from the platform. The results were overwhelmingly positive.

According to James Robinson, CISO at Netskope:

Our developer team, thanks in large part to Secure Code Warrior’s platform, has successfully shifted left by embracing a more enticing, self-service learning approach that gets learning pathways into the developers’ hands sooner. More importantly, we feel we’re getting a better return on investment with our developer educational training efforts because of higher participation and the fact that these efforts no longer feel like they’re a check-the-box, compliance mandated activity. The byproduct of all of this is that we’re enabling our developers to be security champions.”

Key takeaways

  • Organizations that do not invest in a strong application security team allow for more risk to be introduced through their code. This ultimately wastes both time and money fixing vulnerabilities and addressing security issues.
  • Take advantage of a program that helps save time with just a couple of key-learnings every month through relevant content, rather than a hour-long compliance oriented annual training. The time saved through educating developers will manifest in the reduction of rework needed to fix vulnerabilities that shouldn’t have been introduced in the first place.
  • There is a new mandate to code cloud solutions at scale. Years ago, there was an expectation to get developers fully invested in securing code through one programming language. That is no longer the case in today’s high-tech marketplace. You need to pick multiple languages that align best to the cloud infrastructure and applications a company wants to build out and pursue.

Table of contents

Download PDF
Download PDF
View Resource
Interested in more?

Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.

Book a demoDownload
Share on:
Resource hub

Resources to get you started

More posts
Resource hub

Resources to get you started

More posts