Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
ManagementSecurity Leadership and ManagementSecurity Education & Training

AppSec’s Secret Weapon to Improve Security Culture and Engagement

By Maria Henriquez
workplace
September 16, 2017

Recently, Australian banks have been taking charge of their global influence to develop strong security mindsets among their employees responsible for developing software. According to Pieter Danhieux, co-founder of Secure Code Warrior, five out of Australia’s top six banks are actively engaging their developers to build secure coding skills through online, self-paced, gamified learning environments. Banks are further reviewing real-time metrics and reporting to their decision-making leaders to verify the strengths and weaknesses of their developers and teams.

Matias Madou, CTO, Director and Co-Founder of Secure Code Warrior, stresses the importance of hands-on software security practices. Companies can ensure a positive and effective application security (AppSec) culture within their organization by guaranteeing developers get the appropriate training they need to write secure code right from the start. “Normally, from the developer perspective, they don’t always get the training they need. It’s critical to implement platforms that are overlaid with gamification elements, so that it is fun and engaging for the developer when he or she is taking the training.  Traditional and old-school training is just video-based and encompasses fairly boring material. A more modern platform challenges the developer to try to solve and learn about application security. A system that incorporates achievements and levels, like belting and badges, further guarantees developers come out of their training with all the tools they need to code securely,” Madou says.

It’s important to note that gamification will not function as a miracle if there is no substance to your platform, Madou notes. “You have to have substance to your platform. For instance, at Secure Code Warrior, we have more than 3,000 coding exercises that challenge developers. Secondly, to make those exercises engaging, a world map where developers locate themselves, and have to defend against threats is another way to make exercises engaging. There are many elements for the developers to relate to the cause they are assigned. Once developers start solving the coding exercises, they get points and they are able to compare themselves to other developers in their organization. This further challenges them and provides a fun environment for them to harness their coding skills.”

Secure Code Warrior, for example, is guaranteeing developers enjoy the learning process by implementing tournaments, hosted quite frequently. At the end of each tournament, the victorious developer gets a prize, such as a drone, t-shirt and more. “Through all of these mechanisms, AppSec leaders can ensure that they are enabling their developers to actively learn through fun and engaging processes,” Madou says. “At the time, developers learn about an application security culture and how to apply what they have learned in their day-to-day jobs.”

The first step to establishing a positive AppSec culture is to train developers for the job they will be performing. “It does not make sense to train a developer in Java, for example, if they are writing in Python,” Madou notes. Although they are not opposites, they are different languages. Where Java is statically typed and comfortable with its use of braces and semicolons, Python is a dynamically typed language that uses syntactically-significant whitespace. “Relevant training is what the developer can relate to in their daily responsibilities. If a developer will be writing Cobalt code, then train them in COBOL.”

There are many benefits of having a positive application security culture within your organization, notes Madou. “Usually, the industry focus is simply on finding vulnerabilities, rather than fixing or preventing. If you ensure that developers obtain the education they need to write secure code, that will empower organizations to have a first line of defense if there are any looming threats. Furthermore, you are enabling developers to work faster, and more efficiently, successfully preventing or mitigating any financial damages associated with any vulnerabilities that root from insecure code.”

Ultimately, a major benefit of having an AppSec culture is the ability to mitigate and prevent costly data breaches. “In application security right now, we teach developers how to write secure code. What organizations are attempting to do is protect code by adding additional code on that same code. What organizations need to do is go to the source of the problem,” Madou suggests. 

When asked if human error is part of data breaches, Madou says, “Developers want to do the right thing. Except, they don’t know how. Universities teach them how to think and design code; however, security is briefly touched on. It’s not about writing secure apps, it’s about encryption. Ultimately, leading developers to introduce problems without their knowledge. This is why it’s important to have developers focus on training first.”

Quite often, developers face challenges when it comes to their organizations, as companies do not place application security as a priority. “The challenge is that organizations have to support these initiatives. They have to say, “Yes, security is important within our organization,” Madou says.

Finally, there is good news. According to Madou, there are more companies placing security as their top most priority. This comes as no surprise, or rather, an expected initiative as data breaches are at a record-high. A new report from Juniper Research found that the cost of data breaches will rise from $3 trillion each year to more than $5 trillion in 2024, an average annual growth of 11 percent, primarily driven by increasing fines for data breaches as regulation tightens, as well as a greater proportion of business lost.

KEYWORDS: security best practices security culture security training

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Maria Henriquez is a former Associate Editor of Security. She covered topics including cybersecurity and physical security, risk management and more.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

Coding

AI Emerges as the Top Concern for Security Leaders

Person working on laptop

Governance in the Age of Citizen Developers and AI

patient at healthcare reception desk

Almost Half of Healthcare Breaches Involved Microsoft 365

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • employees around worktable

    How to improve security culture within an organization

    See More
  • Could Crime Prevention Lead to Greater Crime?

    ACPI launches police-community engagement program to help improve public support for law enforcement

    See More
  • 5 mins with julian waits

    5 minutes with Julian Waits - How Security Operations Center leaders can create a culture of growth

    See More

Related Products

See More Products
  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

  • into to sec.jpg

    Introduction to Security, 10th Edition

See More Products

Events

View AllSubmit An Event
  • September 25, 2024

    How to Incorporate Security Into Your Company Culture

    ON DEMAND: From this webinar, you will learn how to promote collaboration between IT and physical security teams to streamline corporate security initiatives.
  • October 17, 2024

    How to Assess and Hone Your Security Program

    ON DEMAND: In this webinar, Erik Antons, a security risk management executive with more than 20 years of working in the Federal Government, energy, hospitality, and manufacturing sectors, shares his perspective on the building blocks of a successful manufacturing security program.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing