Security as culture: How Blue Prism cultivates world-class secure developers
Background
Blue Prism is the global leader in intelligent automation for the enterprise; an exciting tech company creating cutting-edge software and tools that help organizations stay agile, efficient and competitive. For two decades, they’ve ensured that some of the world’s best and most groundbreaking companies can innovate at speed while helping them meet global and business challenges. Now Blue Prism is rapidly maturing into the next phase of its operations.
Maria Morris, a senior application security engineer at Blue Prism, is working on the front lines to maintain their enviable, first-class security program. Her dedication to upholding a strong culture of security best practices, cross-functional collaboration, and awareness, is central to the efficient deployment of secure software within the organization. As part of her initiatives, Maria sought a hands-on training solution that could continue to inspire the development cohort to build on their security awareness and secure coding skills, using real-world code.
The challenge
Blue Prism lives and breathes its customers’ success. With a strong focus on security as well as cutting-edge AI-infused robotic process automation (RPA), it’s no wonder that so many enterprises in the Global 2000 rely on their products and services. Of course, this trust comes with great responsibility, and the need for security to be at the forefront of every process and decision is a must.
With the need to ensure regulatory security compliance with legislation such as PCI-DSS, HIPAA, FISMA, and FIPS, being able to mitigate against the common, yet potent vulnerabilities featured in the OWASP Top 10, and the SANSTop 25 Most Dangerous Software Weaknesses(CWE) is essential. To do this effectively, they need to empower their security-skilled
“We are really good at hiring people who put security first. Everybody here loves security; in meetings, it’s one of the top three things that people want to discuss.With every decision, we ask ourselves, ‘Is this secure enough? Can we make it more secure?’. It’s always at the forefront of the mind because security is important, as it should be,” says Maria.
The implementation
Maria and her team advocate the ‘shift left’ approach to software security, prioritizing it early on in each stage of the software development lifecycle:
“If you start secure, you don't have to ‘become’ secure – the latter is a lot harder to achieve. It reduces developer workload and work time. It reduces the risk of revisiting issues and trying to put in place a fix when the software is already live in people's environments. Doing it right the first time is key”, says Maria.
Her development cohort is hand-picked for their interest in security, and Blue Prism’s burgeoning security culture helps their security skills to thrive. She was able to use Secure Code Warrior’s Learning Platform to help benchmark and reinforce existing skills, build upon prior knowledge and experience and get hands-on with security challenges in the code that is familiar to them:
“The developers liked Secure Code Warrior instantly – there’s been no friction getting them to want to be involved, to use and engage with the platform”,says Maria. “It was a great way of re-enforcing the knowledge they already had, while allowing them to learn new things.”
Blue Prism takes their learning to the next level by utilizing the Courses feature as well, allowing Maria to create curated, precision pathways for her developers that align with strategy and help achieve security goals in the business.
“The developers actually like my courses, which is nice. I try to make them very specific to current projects.We’ve got the ‘sensitive data handling’ course, for example. I make the material highly relevant. I use videos as a recap, and then set exercises about it, followed by an assessment at the end. The developers like that approach because they have limited time. They want something tangible to feel like they've accomplished something great”, says Maria.
The result
The team at Blue Prism rolled out effective, engaging training and courses for their development cohort to hone the skills that support their best-in-class security program. Their highly positive approach to security madeSecure Code Warrior a great fit for their organization, solidifying the training that is so crucial to achieving regulatory compliance, and scaling security at speed across the many products and services that power some of the world’s biggest companies.
Maria’s use of curated learning pathways is in complete contrast to generic, one-off training so often seen at other companies. This allows her to scale the education part of her security strategy to great effect, highlighting further Blue Prism’s dedication to quality and customer first initiatives.
“We're really lucky because our developers believe in the tech excellence philosophy as well. They don't want just to meet what's on the paper. They want to do what's right. They want to know that our product is secure and they want to be assured that if anything happens, it's not going to be because Blue Prism was that single point of failure. It's this belief in the product that makes the difference”, says Maria.
"Thanks for setting it up! It was really, really good. Hard to tell what it will be like until you actually get stuck in and do it. But it's a great way of learning. I generally know all the theory but being given working code to try it out on is really effective." Ben, Blue Prism developer, feedback after a tournament
Learn how Blue Prism, the global leader in intelligent automation for the enterprise, used Secure Code Warrior's agile learning platform to create a security-first culture with their developers, achieve their business goals, and ship secure code at speed
Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.
Book a demoBackground
Blue Prism is the global leader in intelligent automation for the enterprise; an exciting tech company creating cutting-edge software and tools that help organizations stay agile, efficient and competitive. For two decades, they’ve ensured that some of the world’s best and most groundbreaking companies can innovate at speed while helping them meet global and business challenges. Now Blue Prism is rapidly maturing into the next phase of its operations.
Maria Morris, a senior application security engineer at Blue Prism, is working on the front lines to maintain their enviable, first-class security program. Her dedication to upholding a strong culture of security best practices, cross-functional collaboration, and awareness, is central to the efficient deployment of secure software within the organization. As part of her initiatives, Maria sought a hands-on training solution that could continue to inspire the development cohort to build on their security awareness and secure coding skills, using real-world code.
The challenge
Blue Prism lives and breathes its customers’ success. With a strong focus on security as well as cutting-edge AI-infused robotic process automation (RPA), it’s no wonder that so many enterprises in the Global 2000 rely on their products and services. Of course, this trust comes with great responsibility, and the need for security to be at the forefront of every process and decision is a must.
With the need to ensure regulatory security compliance with legislation such as PCI-DSS, HIPAA, FISMA, and FIPS, being able to mitigate against the common, yet potent vulnerabilities featured in the OWASP Top 10, and the SANSTop 25 Most Dangerous Software Weaknesses(CWE) is essential. To do this effectively, they need to empower their security-skilled
“We are really good at hiring people who put security first. Everybody here loves security; in meetings, it’s one of the top three things that people want to discuss.With every decision, we ask ourselves, ‘Is this secure enough? Can we make it more secure?’. It’s always at the forefront of the mind because security is important, as it should be,” says Maria.
The implementation
Maria and her team advocate the ‘shift left’ approach to software security, prioritizing it early on in each stage of the software development lifecycle:
“If you start secure, you don't have to ‘become’ secure – the latter is a lot harder to achieve. It reduces developer workload and work time. It reduces the risk of revisiting issues and trying to put in place a fix when the software is already live in people's environments. Doing it right the first time is key”, says Maria.
Her development cohort is hand-picked for their interest in security, and Blue Prism’s burgeoning security culture helps their security skills to thrive. She was able to use Secure Code Warrior’s Learning Platform to help benchmark and reinforce existing skills, build upon prior knowledge and experience and get hands-on with security challenges in the code that is familiar to them:
“The developers liked Secure Code Warrior instantly – there’s been no friction getting them to want to be involved, to use and engage with the platform”,says Maria. “It was a great way of re-enforcing the knowledge they already had, while allowing them to learn new things.”
Blue Prism takes their learning to the next level by utilizing the Courses feature as well, allowing Maria to create curated, precision pathways for her developers that align with strategy and help achieve security goals in the business.
“The developers actually like my courses, which is nice. I try to make them very specific to current projects.We’ve got the ‘sensitive data handling’ course, for example. I make the material highly relevant. I use videos as a recap, and then set exercises about it, followed by an assessment at the end. The developers like that approach because they have limited time. They want something tangible to feel like they've accomplished something great”, says Maria.
The result
The team at Blue Prism rolled out effective, engaging training and courses for their development cohort to hone the skills that support their best-in-class security program. Their highly positive approach to security madeSecure Code Warrior a great fit for their organization, solidifying the training that is so crucial to achieving regulatory compliance, and scaling security at speed across the many products and services that power some of the world’s biggest companies.
Maria’s use of curated learning pathways is in complete contrast to generic, one-off training so often seen at other companies. This allows her to scale the education part of her security strategy to great effect, highlighting further Blue Prism’s dedication to quality and customer first initiatives.
“We're really lucky because our developers believe in the tech excellence philosophy as well. They don't want just to meet what's on the paper. They want to do what's right. They want to know that our product is secure and they want to be assured that if anything happens, it's not going to be because Blue Prism was that single point of failure. It's this belief in the product that makes the difference”, says Maria.
"Thanks for setting it up! It was really, really good. Hard to tell what it will be like until you actually get stuck in and do it. But it's a great way of learning. I generally know all the theory but being given working code to try it out on is really effective." Ben, Blue Prism developer, feedback after a tournament
Background
Blue Prism is the global leader in intelligent automation for the enterprise; an exciting tech company creating cutting-edge software and tools that help organizations stay agile, efficient and competitive. For two decades, they’ve ensured that some of the world’s best and most groundbreaking companies can innovate at speed while helping them meet global and business challenges. Now Blue Prism is rapidly maturing into the next phase of its operations.
Maria Morris, a senior application security engineer at Blue Prism, is working on the front lines to maintain their enviable, first-class security program. Her dedication to upholding a strong culture of security best practices, cross-functional collaboration, and awareness, is central to the efficient deployment of secure software within the organization. As part of her initiatives, Maria sought a hands-on training solution that could continue to inspire the development cohort to build on their security awareness and secure coding skills, using real-world code.
The challenge
Blue Prism lives and breathes its customers’ success. With a strong focus on security as well as cutting-edge AI-infused robotic process automation (RPA), it’s no wonder that so many enterprises in the Global 2000 rely on their products and services. Of course, this trust comes with great responsibility, and the need for security to be at the forefront of every process and decision is a must.
With the need to ensure regulatory security compliance with legislation such as PCI-DSS, HIPAA, FISMA, and FIPS, being able to mitigate against the common, yet potent vulnerabilities featured in the OWASP Top 10, and the SANSTop 25 Most Dangerous Software Weaknesses(CWE) is essential. To do this effectively, they need to empower their security-skilled
“We are really good at hiring people who put security first. Everybody here loves security; in meetings, it’s one of the top three things that people want to discuss.With every decision, we ask ourselves, ‘Is this secure enough? Can we make it more secure?’. It’s always at the forefront of the mind because security is important, as it should be,” says Maria.
The implementation
Maria and her team advocate the ‘shift left’ approach to software security, prioritizing it early on in each stage of the software development lifecycle:
“If you start secure, you don't have to ‘become’ secure – the latter is a lot harder to achieve. It reduces developer workload and work time. It reduces the risk of revisiting issues and trying to put in place a fix when the software is already live in people's environments. Doing it right the first time is key”, says Maria.
Her development cohort is hand-picked for their interest in security, and Blue Prism’s burgeoning security culture helps their security skills to thrive. She was able to use Secure Code Warrior’s Learning Platform to help benchmark and reinforce existing skills, build upon prior knowledge and experience and get hands-on with security challenges in the code that is familiar to them:
“The developers liked Secure Code Warrior instantly – there’s been no friction getting them to want to be involved, to use and engage with the platform”,says Maria. “It was a great way of re-enforcing the knowledge they already had, while allowing them to learn new things.”
Blue Prism takes their learning to the next level by utilizing the Courses feature as well, allowing Maria to create curated, precision pathways for her developers that align with strategy and help achieve security goals in the business.
“The developers actually like my courses, which is nice. I try to make them very specific to current projects.We’ve got the ‘sensitive data handling’ course, for example. I make the material highly relevant. I use videos as a recap, and then set exercises about it, followed by an assessment at the end. The developers like that approach because they have limited time. They want something tangible to feel like they've accomplished something great”, says Maria.
The result
The team at Blue Prism rolled out effective, engaging training and courses for their development cohort to hone the skills that support their best-in-class security program. Their highly positive approach to security madeSecure Code Warrior a great fit for their organization, solidifying the training that is so crucial to achieving regulatory compliance, and scaling security at speed across the many products and services that power some of the world’s biggest companies.
Maria’s use of curated learning pathways is in complete contrast to generic, one-off training so often seen at other companies. This allows her to scale the education part of her security strategy to great effect, highlighting further Blue Prism’s dedication to quality and customer first initiatives.
“We're really lucky because our developers believe in the tech excellence philosophy as well. They don't want just to meet what's on the paper. They want to do what's right. They want to know that our product is secure and they want to be assured that if anything happens, it's not going to be because Blue Prism was that single point of failure. It's this belief in the product that makes the difference”, says Maria.
"Thanks for setting it up! It was really, really good. Hard to tell what it will be like until you actually get stuck in and do it. But it's a great way of learning. I generally know all the theory but being given working code to try it out on is really effective." Ben, Blue Prism developer, feedback after a tournament
Click on the link below and download the PDF of this resource.
Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.
View reportBook a demoBackground
Blue Prism is the global leader in intelligent automation for the enterprise; an exciting tech company creating cutting-edge software and tools that help organizations stay agile, efficient and competitive. For two decades, they’ve ensured that some of the world’s best and most groundbreaking companies can innovate at speed while helping them meet global and business challenges. Now Blue Prism is rapidly maturing into the next phase of its operations.
Maria Morris, a senior application security engineer at Blue Prism, is working on the front lines to maintain their enviable, first-class security program. Her dedication to upholding a strong culture of security best practices, cross-functional collaboration, and awareness, is central to the efficient deployment of secure software within the organization. As part of her initiatives, Maria sought a hands-on training solution that could continue to inspire the development cohort to build on their security awareness and secure coding skills, using real-world code.
The challenge
Blue Prism lives and breathes its customers’ success. With a strong focus on security as well as cutting-edge AI-infused robotic process automation (RPA), it’s no wonder that so many enterprises in the Global 2000 rely on their products and services. Of course, this trust comes with great responsibility, and the need for security to be at the forefront of every process and decision is a must.
With the need to ensure regulatory security compliance with legislation such as PCI-DSS, HIPAA, FISMA, and FIPS, being able to mitigate against the common, yet potent vulnerabilities featured in the OWASP Top 10, and the SANSTop 25 Most Dangerous Software Weaknesses(CWE) is essential. To do this effectively, they need to empower their security-skilled
“We are really good at hiring people who put security first. Everybody here loves security; in meetings, it’s one of the top three things that people want to discuss.With every decision, we ask ourselves, ‘Is this secure enough? Can we make it more secure?’. It’s always at the forefront of the mind because security is important, as it should be,” says Maria.
The implementation
Maria and her team advocate the ‘shift left’ approach to software security, prioritizing it early on in each stage of the software development lifecycle:
“If you start secure, you don't have to ‘become’ secure – the latter is a lot harder to achieve. It reduces developer workload and work time. It reduces the risk of revisiting issues and trying to put in place a fix when the software is already live in people's environments. Doing it right the first time is key”, says Maria.
Her development cohort is hand-picked for their interest in security, and Blue Prism’s burgeoning security culture helps their security skills to thrive. She was able to use Secure Code Warrior’s Learning Platform to help benchmark and reinforce existing skills, build upon prior knowledge and experience and get hands-on with security challenges in the code that is familiar to them:
“The developers liked Secure Code Warrior instantly – there’s been no friction getting them to want to be involved, to use and engage with the platform”,says Maria. “It was a great way of re-enforcing the knowledge they already had, while allowing them to learn new things.”
Blue Prism takes their learning to the next level by utilizing the Courses feature as well, allowing Maria to create curated, precision pathways for her developers that align with strategy and help achieve security goals in the business.
“The developers actually like my courses, which is nice. I try to make them very specific to current projects.We’ve got the ‘sensitive data handling’ course, for example. I make the material highly relevant. I use videos as a recap, and then set exercises about it, followed by an assessment at the end. The developers like that approach because they have limited time. They want something tangible to feel like they've accomplished something great”, says Maria.
The result
The team at Blue Prism rolled out effective, engaging training and courses for their development cohort to hone the skills that support their best-in-class security program. Their highly positive approach to security madeSecure Code Warrior a great fit for their organization, solidifying the training that is so crucial to achieving regulatory compliance, and scaling security at speed across the many products and services that power some of the world’s biggest companies.
Maria’s use of curated learning pathways is in complete contrast to generic, one-off training so often seen at other companies. This allows her to scale the education part of her security strategy to great effect, highlighting further Blue Prism’s dedication to quality and customer first initiatives.
“We're really lucky because our developers believe in the tech excellence philosophy as well. They don't want just to meet what's on the paper. They want to do what's right. They want to know that our product is secure and they want to be assured that if anything happens, it's not going to be because Blue Prism was that single point of failure. It's this belief in the product that makes the difference”, says Maria.
"Thanks for setting it up! It was really, really good. Hard to tell what it will be like until you actually get stuck in and do it. But it's a great way of learning. I generally know all the theory but being given working code to try it out on is really effective." Ben, Blue Prism developer, feedback after a tournament
Table of contents
Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.
Book a demoDownloadResources to get you started
Benchmarking Security Skills: Streamlining Secure-by-Design in the Enterprise
The Secure-by-Design movement is the future of secure software development. Learn about the key elements companies need to keep in mind when they think about a Secure-by-Design initiative.
DigitalOcean Decreases Security Debt with Secure Code Warrior
DigitalOcean's use of Secure Code Warrior training has significantly reduced security debt, allowing teams to focus more on innovation and productivity. The improved security has strengthened their product quality and competitive edge. Looking ahead, the SCW Trust Score will help them further enhance security practices and continue driving innovation.
Resources to get you started
Reactive Versus Preventive Security: Prevention Is a Better Cure
The idea of bringing preventive security to legacy code and systems at the same time as newer applications can seem daunting, but a Secure-by-Design approach, enforced by upskilling developers, can apply security best practices to those systems. It’s the best chance many organizations have of improving their security postures.
The Benefits of Benchmarking Security Skills for Developers
The growing focus on secure code and Secure-by-Design principles requires developers to be trained in cybersecurity from the start of the SDLC, with tools like Secure Code Warrior’s Trust Score helping measure and improve their progress.
Driving Meaningful Success for Enterprise Secure-by-Design Initiatives
Our latest research paper, Benchmarking Security Skills: Streamlining Secure-by-Design in the Enterprise is the result of deep analysis of real Secure-by-Design initiatives at the enterprise level, and deriving best practice approaches based on data-driven findings.
Deep Dive: Navigating the Critical CUPS Vulnerability in GNU-Linux Systems
Discover the latest security challenges facing Linux users as we explore recent high-severity vulnerabilities in the Common UNIX Printing System (CUPS). Learn how these issues may lead to potential Remote Code Execution (RCE) and what you can do to protect your systems.