Logically Speaking
January 22, 2020

Welcome to Logically Speaking. Cybersecurity is vital to every organization. Our focus for this issue is cyber secure coding and training coders and programmers in Security by Design principles.

In this issue:

The Lack of Secure Coding is a National Crisis 

by Jon O'Keefe, MCCT, Technology Education Jedi

With 111 billion lines of code written each year and almost every new technology running on some sort of code, coding has never been more important for the success of all organizations.

In our rush to embrace the technologies of the 21st century, almost all of which rely on code, there has been a glaring oversight made in the education of coders and application developers.  That oversight is security.

The lack of security in coding and app development is now being called a national security threat by the Institute for Critical Infrastructure Technology, a cybersecurity think tank.  The problem is that security is generally added as a second layer on top of code that is already written, as app developers are not usually involved in the security lifecycle of development.  

This needs to change.  Anyone who is learning to code needs to learn secure coding and Security by Design principles.  With cyberattacks on the rise, the best line of defense is having secure code that cannot be exploited.  All of your coding students, regardless of the languages they are learning, need the skills necessary to write secure code.

Secure Coding:  A Must Have for EVERY Developer 

by Jim Gabalski, Vice President Sales and Marketing

Application Developers create solutions that live on many platforms—cell phones, tablets, personal computers, servers, the cloud—but they all do the same thing, they write code!

Whether developers are programming in C, C++, C#, Python, Java, .NET, JavaScript, HTML, Perl, or any other language, they are creating applications that are likely not “Secure by Design.” Security by Design principles can be generally applied to any language a developer is coding in. Cyber Secure Coder from CertNexus, and offered by Logical Operations, teaches developers about general coding vulnerabilities that undermine security, how to identify and remediate security defects in code, how to design software to deal with the human element of security, and how to incorporate security into all phases of application development.  

Cyber Secure Coder (CSC) is a perfect complementary course to any introductory or advanced programming/application development course. Your best candidates live in software architecture, design, development, and testing roles. Offering CSC as an add-on to a programming class or as part of a programming bundle is a great strategy to help your application development students create solutions that are Secure by Design.

Download CyberSecure Coder Course Outline to use with your customers >

Why We Present a Security by Design Approach in the Cyber Secure Coder Course

by Brian Wilson, Senior Instructional Designer

A Security by Design approach effectively promotes the development of secure software. It means that everyone involved in software development has responsibility for promoting software security throughout every phase of the software development lifecycle. Security is designed and built-in, so security problems are prevented from ever happening, rather than requiring that they be fixed in whack-a-mole fashion as they pop up unpredictably.

Some courses on secure programming present a litany of common coding faults and various ways to mitigate them. Unfortunately, specific coding faults generally correspond to a specific context, such as a particular programming language, runtime environment, or operating system. Focusing on specific problems and their solutions limits the applicability of a course. In the real world, software developers encounter a wide variety of situations in which specific “recipes” simply don’t apply.

So, in addition to introducing common problems and mitigations, the Cyber Secure Coder (CSC) course promotes a Security by Design approach, emphasizing overarching principles and processes that result in secure software. The general strategies and patterns for secure programming can be applied to a wide variety of different platforms and contexts.

________________________________________

Who Would Benefit from Taking the Cyber Secure Coder Course?

by Brian Wilson, Senior Instructional Designer

A typical software development project involves a wide variety of job roles that may not perform hands-on coding, including software project managers, technical consultants, software testers, and architects. Of course, many roles do involve coding, including those who write code for the cloud, web, mobile, desktop, embedded systems, process automation, data analytics, and DevOps. All of these roles—coders and non-coders—would benefit from learning the principles covered in Cyber Secure Coder (CSC).

Unfortunately, many of the people directly involved in software development projects (including many who hold computer science or software engineering degrees) have had little or no exposure to the principles of secure software development. This skills gap presents a significant opportunity for training providers.

While CSC does provide some exposure to code, it is self-documenting code that is easy to understand at a high level, with descriptive object names and comments written in plain language. Seasoned developers will be able to understand the code in depth, while students with less programming experience will also be able to learn the general principles being put forth, without having to take a “deep dive” into the code. The course emphasizes principles that transfer to any language or programming environment, which would benefit anyone involved in the design, development, and deployment of software.

________________________________________

Join the Logical Operations Instructor Community on Linkedin.
It is a place for instructors to connect with colleagues to share ideas, feedback, and insights related to instructor-led training.

________________________________________

Latest Product Highlights

CertNexus has launched their newest Artificial Intelligence (AI) certification and it’s the first high-stakes, vendor-neutral certification for AI and Machine Learning (ML) professionals. The Certified AI Practitioner (CAIP) is the only certification on the market that certifies practitioners on how to design and implement an AI solution using ML. Learn more.

For a complete list of current and updated courses, download the Product Summary Guide below.

Download the latest Product Summary Guide to see the full list of available titles >


How Can I Prepare to Teach the Cyber Secure Coder Course?

by Nancy Curtis, Vice President, Content

You’re an ideal instructor for this course if you have field experience as a software developer in addition to your work as a technical instructor. Real-world programming experience provides you with a repertoire of “war stories” to share in class and is a good foundation for understanding the principles covered in the course. A programming background blends with expertise in adult learning and technical instruction to produce a great learning experience for your students.

However, in reality, you can start on either path and still be successful with this course. That is, you might have spent years as a technical instructor, but you don’t have a lot of field experience in software development. Or vice versa—you might be a working programmer who hasn’t spent a lot of time as a presenter or instructor. Never fear! The Cyber Secure Coder (CSC) course materials are designed to support you either way. The content and activities are tightly scripted, with all source code provided, to ensure you and your students can perform tasks in a way that leads to a successful outcome. Comments within activity steps help ensure that you identify the important points that you should cover. The PowerPoint slides provide further talking points and illustrations to help you deliver new material. And notes in the margins of your Instructor Edition provide helpful tips and hints on delivery.

The CSC course materials provide you with a strong foundation to ensure a successful course delivery right “out of the box.” Then, you can layer in your own field or classroom experience to provide your students with a unique and rich course delivery tailored to your own strengths. Download the detailed course outline below and see for yourself.


Download CyberSecure Coder Detailed Course Outline >
Includes content for each topic and practice exercise.

________________________________________

CustomCHOICE

by Andrea Montanarella, Manager, Custom Production

You can CUSTOMIZE to garner interest for your customer base. Tailor the content into a half-day course to fit your schedule or choose the specific lessons and topics you need to close skills gaps. If you simply want to put your logo on the cover, no problem! Contact Andrea Montanarella in Custom Print to set up a demo or answer any questions. For the first order, you will receive a free custom proof. Email Andrea today at cprint@logicaloperations.com OR view this short video to show you how!


Developers in Demand

by Patrick DiLaura, Chief Talent Officer

The 4th Industrial Revolution is a game changer when it comes to hiring. According to the World Economic Forum, there will be 133 million new roles created inside organizations by 2022 in technologies like AI, Data Analytics, and Cloud Computing. At the heart of each of these digital skills lies one important element: coding. Every piece of new technology, no matter what it is, has some form of code in it. With 111 billion lines of code written each year, you can see how skilled coders and programmers are in high demand and hiring the right candidate can be the make or break for your organization.

________________________________________

Meet Brian Wilson, Senior Instructional Designer, Content Group

For more than 30 years, my career has involved the fusion of teaching and technology—using technology to deliver training, or training people to use technology. I continue to find this field as engaging and interesting as I did when I first started working in it. There’s so much to explore, and the field continues to grow and evolve. I’ve had the opportunity to work in K-12 education, higher ed publishing, government/military, manufacturing, and corporate training, serving in a variety of roles, as an instructor, instructional designer, multimedia developer, animator, e-learning manager, software product manager, and software developer.

In my current role at Logical Operations, I’ve developed courses on a wide variety of topics, including animation tools, productivity apps, database design and development, mobile app development, cloud programming, Internet of Things, machine learning, and others. I’m a “maker” at heart, so my favorite courses have been those that teach people how to make things, such as programming, animation tools and desktop publishing. It was especially enjoyable to work with the Arduino development environment in one of our recent IoT courses.

I enjoyed writing Cyber Secure Coder because the course incorporated so many different things that I’m interested in, including software development, design, and process improvement. I was happy that we were able to present a Security by Design approach in that course. So many of the software development approaches I’ve seen over the years have relied on Security by Obscurity or reactive approaches, putting fires out when they happen. It’s great to see cybersecurity taking a front seat in the software development process!