Secure Code Warrior

Six Years of Secure Code Warrior: Are we grown up yet?

It’s that special time of the year (for us, anyway) where I reflect on our most recent lap around the sun, and what has been done in the previous 365 days to position us for a new year of growth, lessons, and inevitable unpredictability.

It’s that special time of the year (for us, anyway) where I reflect on our most recent lap around the sun, and what has been done in the previous three hundred and sixty-five days to position us for a new year of growth, lessons, and inevitable unpredictability.

While I don’t think anyone could have foreshadowed last year’s twists and turns - after all, I think most of us faced more curveballs than the LA Dodgers - we’re still here. The ticking over of the calendar didn’t put a sudden stop on the pain points in the Year That Cannot Be Named, but all around me, I see the unwavering resilience in individuals, businesses, and our industry.

So, then, what progress have we made in our goal to secure code across the galaxy?

We supercharged our product suite.

The Secure Code Warrior training platform will always be the heart and soul of our offerings, but striving to create more variety, and more developer-chosen tools are our top priorities.

We want to inspire developers to embrace a preventative secure coding approach that enables every team to ship quality software with confidence.

I am so proud to detail what our product team has worked so hard to roll out; they’ve kicked incredible goals all year:

  • We acquired Adversary.io and integrated their technology, their amazingly skilled team and enterprise customers in less than 9 months.
  • We reached the incredible milestone of supporting over 50 programming languages, including infrastructure as code mainstays like Docker, Ansible, Terraform, Kubernetes, Powershell and CloudFormation, as well as new kids on the block like Rust and Go.
  • Bringing security knowledge to the developer by releasing all-new extensions for GitHub Actions and Issues, in addition to Atlassian JIRA Cloud & Server, which provides contextual learning right where developers play without the need to switch between tasks
  • Real-time quality code guidance in the IDE with Sensei, now available in the JetBrains marketplace for every developer to detect security bugs, enforce best practice, share knowledge, and prevent performance issues and technical debts
  • Making it easier for enterprises to engage with developers and scale secure coding by releasing Courses, a brand-new feature allowing curated learning pathways for objectives that are most relevant to an organization and its security goals. We also added Missions, an exciting enhancement to the flagship platform, putting developers in the pilot’s seat of an exploit. It’s the next step in a scaffolded learning approach to give developers a viable, lifelong foundation for success.

… and if you know any coding beginners, they should check out the free app, Secure Code Bootcamp, and start their security journey.

We landed, we expanded, we influenced.

We like to approach secure coding a little differently, and naturally, it’s our hope that this ethos catches on throughout the industry. It’s important that developers recognize their power in fighting the good fight against cyberattackers, and getting them to actually enjoy learning about security is a prime goal.

Thousands of developers joined our virtual tournaments from all over the world, with over 80 being held in 2020 alone. We were thrilled to get people playing as part of GitHub Universe, global Cisco events, and DevSecCon.

We dug through our data and saw hundreds-of-thousands unique users had played on our platform in 2020, which is mind-blowing when I think about where we began six years ago.

I was so pleased to see that we had increased our reach significantly among Fortune 1000 companies, each of them willing to try something new as part of their security programs. We found synergy with tech companies in particular, many of which pivoted to remote work and saw value in remote training options.

Team Awesome got bigger, and stronger, together.

One of the biggest evolutions we had as a company in the past year was the acquisition of the Iceland-based cybersecurity company, Adversary. We had a lot in common: a similar stance on the people-focused approach to cybersecurity, aligned values, and complementary products. We welcomed their team into our own, gaining invaluable expertise and talent among great people.

We also welcomed John Wilson as the SVP of Global Sales, benefiting from his extensive, 25-year track record of driving growth and building cloud technology and cybersecurity companies into market leaders. His wide technical skillset has been an innovative force in companies like Symantec, Qualys, BlackBerry, and Verizon, and we couldn’t be happier to have him working his magic with us.

A lack of physical offices didn’t stop us from onboarding sixty new employees across five countries, and ensuring they could hit the ground running with virtual support, introductions, and of course - the coveted employee swag pack delivered to their door.

We continued to grow in every department, all of equal importance in achieving our global mission of enabling quality code at speed. And yet, it still feels like we’ve only just started.

2021, the year of changing the conversation.

It has long been my feeling that society simply doesn’t care enough about cybersecurity, and it’s only when something incredibly drastic happens that we might see the needle move on action and awareness.

With the enormous SolarWinds breach breaking at the end of last year, more details are coming to the surface. The full extent of the damage still isn’t known, but this incident could be the catalyst for widespread change. US government departments are already overhauling their security programs, and cyberespionage is a very hot topic among those with a lot to lose.

We can still put a little fun into everything we do, but now is the time to roll up our sleeves and get to work on truly changing the conversation.

Every security-aware developer makes our world a little bit safer from cyberattacks, and giving them the knowledge to succeed - and maybe even love it - will always be our goal. We’re working hard every day to create tools that developers choose to use when learning about security, and creating the highest quality code. Secure code should be the standard, and we can all lend a hand to make that reality.