In 2016, we were contacted by the Senior Information Security Manager of one of the most prestigious public university systems in the world. He was looking for AppSec training for developers at one of the universities in their system, and he’d hit something of a roadblock. Although he’d spoken to a few established training organisations, he wasn’t getting quite the sort of training he was looking for.
For starters, most of the programs were, ironically enough, far too academic and theoretical in nature, lacking any sort of serious practical learning. The problem with this is you can’t teach AppSec like a simple classroom lesson; the practical realities of security demand a more hands-on approach.
It didn’t help that many training providers weren’t open to customising the course to the university’s requirements, while others simply weren’t commercially feasible.
When we spoke to the university’s Infosec Manager, we clearly outlined how we were going to do things differently: our AppSec courses were to be taught primarily through hands-on labs and practical exercises. Our program was designed so that we could even tailor the course to cater to a group of over 120 developers.
Once we began training, most of the students noticed that what they were seeing in our practical labs reflected actual security challenges they’d faced in their development projects. This was important, because we wanted to give students a working knowledge of the subjects that they could directly implement in a real-world scenario.
The positive response to this program meant that eventually, other universities in the system took notice and asked us to conduct our AppSec Essentials course on their campus as well.
In particular, we worked closely with one of the most well-established universities in this system to train over 250 students over the course of 3 years. Using what they learnt in our course, they were able to completely revolutionise their secure app development processes.
One of the largest projects that benefited from our security training was an application that would help medical and healthcare professionals such as doctors and nurses, scientists, medical researchers, and pharmaceutical researchers across the world collaborate with their data and research.
Using this data, they could look for a cure for chronic diseases such as diabetes, cancer, cardiovascular conditions, blood pressure and other medical conditions. Key members of this team participated in our AppSec and AWS security training courses, allowing them to build their app from the ground up with security in place.
This sort of security-centric development enabled the application to meet global healthcare compliance standards and also satisfy local county-specific laws with respect to medical data. The application saw explosive growth in its usage in the global medical community.
The app started with just one research project and a handful of users in the beginning. Today, it hosts 17 international research projects and over 500,000 users around the world.
The team has also implemented contemporary technologies such as Docker containers to house their microservices, scaled using Amazon EKS to meet the growing demand for the application. They are looking to we45 to help them secure these new technology components.