With recent increases in cyberattacks showing no sign of abating, the role software developers need to play to improve levels of protection is becoming more widely understood.
Encouragingly, industry research[1] shows nearly four in five developers believe that either they themselves are responsible for their code's security or that every member of their team should be held accountable. The research also found 75% say they want to be trained in how to be more effective at generating secure code.
Concerningly, 86% of developers surveyed admit they currently struggle to practice secure coding. In many cases, this is because the training they have been receiving is no longer suited to their requirements.
Often, traditional training is used which relies on outdated teaching methods. These are neither engaging, up to date, nor relevant to current developer roles and skill levels.
The Rise of Agile Learning
For this reason, the strategy of agile learning has emerged as a critical training methodology for high-impact upskilling of software development teams. Using this approach, instructors can accommodate various skill levels while tying lessons to real-life scenarios.
Agile training sessions are built around just-in-time "microburst" teaching scenarios. This means development teams can learn, test, and apply knowledge quickly and within the context of their work, in addition to addressing their current security challenges.
The approach replaces the more standard "check-the-box" training often used where participants grind their way through online text, illustrations and videos. Through agile learning, organisations can transform development teams that currently have only basic code defence awareness and skills into security-skilled advocates for code quality and resilience.
Development teams that practice security as a foundational part of code development will grow confident in their own ability to write code that is safe while also reducing their software release timelines. As a result of staying up to date on new threats and mitigation techniques, these newly trained teams will also be able to eliminate bottlenecks that result from the need for product rework and remediation due to software vulnerabilities.
For an organisation to enable its development teams to reach this advanced state of security awareness, a number of best practices are required. They include:
Customise Learning to The Specific Needs of The Developers
Carefully tailored lessons are vital because different security skills are essential to address different security requirements. Also, most current training offerings do not consider how businesses evolve over time.
These offerings also often don't cater for global scaling or regional or vertical-centric compliance requirements. Unfortunately, they often also fail to gather feedback from participants to aid in the development of future training materials. To remove such weaknesses, organisations should seek out practitioners and platforms that leverage agile learning techniques.
Align Training With Current Workflows
Unfortunately, development teams often view training sessions as a distraction from day-to-day routines and workloads. Indeed, any training that interrupts their task completion, and/or cannot deliver the right education at the right time in an easy-to-understand format, is unlikely to result in developers gaining actionable security expertise.
Agile learning techniques allow developers to readily integrate lessons into their work day for purposeful educational opportunities, thus building security from the start while using the familiar coding tools they work with every day.
Regularly Update Content
Instructors and their platforms should continually update teaching materials to include details of the latest cybersecurity breaches, vulnerabilities, and compliance standards. It's important to steer away from more traditional approaches that are static and disengaging.
Supporting Developers
It's encouraging to see that so many software developers want to take accountability for security in their products. For this reason, their organisations must commit to training utilising content that is closely connected to what they do on a day-to-day basis.
This can be achieved with an agile learning strategy. Participants will thrive by solving their actual problems. This, in turn, will ensure greater information retention and engagement.
Just as cybercriminals are constantly changing their tactics and approaches, so organisations must adapt the type of training being given to developers when it comes to security. The result will be more resilient code and a significant reduction in vulnerabilities.
[1] https://www.securecodewarrior.com/cp/the-state-of-developer-security-skills-2022