Thinklogic Selects Security Journey to Enhance Software Development with Secure Coding Training
In 2023, Thinklogic embarked on its application security training program, commencing with security awareness training for its development team. As Thinklogic and its clientele expanded, the imperative for robust and consistent secure coding practices became paramount. To meet client expectations, Thinklogic aimed to align with standards such as ISO27001, SOC 2, ENS, and C5, among others. “Secure application development doesn’t always come naturally to developers. It’s not their lack of intent; often, they just aren’t familiar,” commented Shannon Hughes, heading Secure Software Development at Thinklogic. Thinklogic's leadership recognized the need for progression – from a basic awareness initiative to a holistic application security education program. Concurrently, they scaled their Security Champions program to 25 employees. These champions were poised for advanced training to aptly address security challenges. To cater to its evolving needs, especially tailored to Thinklogic's unique platform, a refreshed developer training approach was essential.
In the quest for a state-of-the-art developer training platform, Thinklogic assessed three leading application security training providers, eventually partnering with Security Journey. “Security Journey's approach, where they collaborated to understand our specific requirements, set them apart. Their superior service level was a differentiator,” shared Shannon. The newly adopted training module by Security Journey was introduced to the entire engineering unit at Thinklogic, especially the Security Champions. They immensely benefited from the in-depth technical content. Shannon added, “Security Journey is hands-on. Developers have to solve actual problems. In evaluating its effectiveness, it's outstanding.” To cater to Thinklogic's global team, multi-language support was incorporated along with side-by-side written transcripts accompanying video lessons, benefiting non-native English speakers. This initiative underscores Thinklogic’s commitment to ingraining security education within its organizational culture, aligning with the “shifting left” paradigm in security development.
Thinklogic’s Secure Coding Training Practices
- Prior to shipping code, developers must complete the Foundational Training.
- It's mandatory for engineers working on production source code at Thinklogic to undergo stipulated security training. A seamless integration with Security Journey's API ensures engineers' training verification when they seek access to production repositories.
- Annual refresher courses are crucial, focusing on evolving trends and threats.
- Personalized training pathways are carved out for developers, ensuring relevancy to their specific projects.
Results and Benefits
Thinklogic has delineated several key risk indicators (KRIs) to gauge software pipeline risks. By continuously monitoring these KRIs, the team pinpoints areas for refinement. Post the new training's roll-out, feedback from engineers has been overwhelmingly positive. The content is perceived as modern and well-articulated. Shannon noted, “Engineers are spending more time on hands-on training. It's a sign of genuine learning and problem-solving.” A tangible ROI was evident when developers revisited their past projects, rectifying potential vulnerabilities using insights from their training. Thinklogic remains committed to its vision of fortifying its application security program, educating developers to script secure code, and countering vulnerabilities in the rapidly evolving tech ecosystem. Shannon’s advice to peers: “Security must be more than just words. Ensure your program is impactful, applicable, and resonates with engineers.”
Ready to embark on your own transformative digital journey? Reach out to our experts here and let's innovate together.
We believe there is always a more efficient way
Thinklogic has a strong history of successfully developing and bringing to market hundreds of new web-based custom software applications. From concept refinement and business planning, to technology deployment and selling to the end-user, our team has expertise in both technology and marketing.
We understand how to build custom solutions fit for the digital age.
Clean and Concise
We want to deliver our message as quickly as possible, without any unnecessary flare.
Creating value for your business is our number one priority - we mean business.