He wanted it to be fun.

He wanted it to create tension in people's chests.

A few years earlier, he'd taken part in a security training event at Google.

How to make your security training fun? Think like a deviant

During an exercise at the event, he discovered a vulnerability that was wide open on his service.

His heart started pounding as he raced to patch it.

That pulse-racing experience changed the way he thought about software.

He wanted all of our developers to experience it.

None of them promised that same visceral experience.

Teaching security

One came from a small company based out of Hungary called Avatao, which offers secure code training.

It includes a couple hundred modules on everything from binary code exploitation to SQL injection to language-specific matters.

If we wanted something they didn't have, they'd build a module or help us write one.

For good measure, we threw in replications of a couple of real-world hacks like the Facebook ImageTragick.

Half an hour in and I knew it was a success.

Blessedly, the two scoreboards on projection screens showed every team was making progress.

Finally, everyone moved to an adjoining room for cocktails, coffee, and lock picking exercises.

Reverse engineering real-world hacks like ImageTragick is fascinating.

The modules were challenging, but not discouraging.

"Capture the flag was cool," said Software Engineer Breon Knight, who paired with a Principal Software Engineer.

It was interesting to see it from a principal-level engineer's mindset.

That made them think differently about implementing security into coding practices.

"What I enjoyed the most was the collaboration involved," she said.

It brings teams closer and improves communication and processes in the event of a real security threat.

Story by Tad Whitaker

Tad is a Security Engineer at CircleCI.

He has also worked as a newspaper reporter and a private investigator.

Outside work, he loves being