Enabler 5: Certification Programs

A fundamental indicator of a mature and sustainable secure coding program is the implementation of Enabler 5: Certification Programs. Moving beyond introductory training, a successful program offers a structured path that helps developers continuously build their skills. Not only do certifications help ensure developers' continued engagement, but they also reinforce that developers’ achievements are valuable and important to the company overall. 

Progression, Not Just Participation

The primary goal of a multi-level certification program is to establish what developer progress looks like and give them something meaningful to achieve.

It is essential that secure coding education is not a 'one-and-done' approach. To drive developers to regularly return to your chosen training platform and achieve higher levels of secure coding knowledge & skill, the program must have clear progression and differentiated levels. They can be playful and fun as well as provide highly visible structured progression. Examples include: 

• Medals - Bronze, Silver, Gold, and Platinum
• Martial Arts Belts - White, Yellow, Green, Black, etc.
• Military Rankings - Private, Corporal, Lieutenant, Colonel, etc.
• Video Game Examples - Initiate, Cadet, Sentinel, and Champion

Other ideas include simple numbered lists or elements related to your own organization or program branding (see Enabler 8: Branding Your Program). Remember that continuity in program branding helps ensure a seamless experience that can add some fun for your developers.

How Certification Drives Lasting Skills

The structure of your certification program utilizes specific activities to ensure skills are not just learned, but retained and validated:

To maximize impact, organizations must articulate the impact and benefit of moving through the different levels. This might include incentives like rewards or recognition for reaching certain levels (Enabler 7: Developer Recognition) or even requiring secure code training for career advancement (Enabler 10: Training Linked to Career Progression). 

Embedding Value with Executive Support 

For the certification achievement to hold weight, it must be officially recognized by your organization. Ideally, the C-Suite (related to Enabler 2) should add their names to the certificates. This simple act signals to the entire development community that achieving secure coding skills is valuable and important to the company overall.

Other opportunities for executives to highlight their achievements in professional spaces include team meetings, internal newsletters, company awards nights, and professional platforms like LinkedIn.

Certification and Program Maturity

Certification programs are a critical element for elevating your secure coding program’s maturity. They transform secure code training from a static requirement into a dynamic career pathway, giving developers tangible and progressive professional achievements to strive for.

With 4–6 enablers implemented, including certifications, a program has reached the Adopting stage, meaning the developers have begun to engage with and adopt the program and the organization as a whole has begun to incorporate secure coding as the foundation of its SDLC. Our next post will discuss Enabler 6: Regular Reporting to Leadership, which provides regular, relevant updates to help ensure continued executive buy-in.

You can also check out last month's blog on Enabler 4: Low Barrier to User Access here.

Have additional questions? 

Customers can contact the account team or support@securecodewarrior.com. Prospective customers can speak with a member of our sales team by contacting us here.

‍