In 2016, we were contacted by the Senior Information Security Manager of one of the most prestigious public university systems in the world. He was looking for AppSec training for developers at one of the universities in their system, and he’d hit something of a roadblock. Although he’d spoken to a few established training organisations, he wasn’t getting quite the sort of training he was looking for.
For starters, most of the programs were, ironically enough, far too academic and theoretical in nature, lacking any sort of serious practical learning. The problem with this is you can’t teach AppSec like a simple classroom lesson; the practical realities of security demand a more hands-on approach.
It didn’t help that many training providers weren’t open to customising the course to the university’s requirements, while others simply weren’t commercially feasible.
When we spoke to the university’s Infosec Manager, we clearly outlined how we were going to do things differently: our AppSec courses were to be taught primarily through hands-on labs and practical exercises. Our program was designed so that we could even tailor the course to cater to a group of over 120 developers.
You can’t teach AppSec like a simple classroom lesson; the practical realities of security demand a more hands-on approach.
Once we began training, most of the students noticed that what they were seeing in our practical labs reflected actual security challenges they’d faced in their development projects. This was important, because we wanted to give students a working knowledge of the subjects that they could directly implement in a real-world scenario.
The positive response to this program meant that eventually, other universities in the system took notice and asked us to conduct our AppSec Essentials course on their campus as well.In particular, we worked closely with one of the most well-established universities in this system to train over 250 students over the course of 3 years. Using what they learnt in our course, they were able to completely revolutionise their secure app development processes.