L&D Learning Platforms, secure coding and why you shouldn’t buy a Porsche without locks

In September 2019, I had the pleasure of attending my first LPI Learning Live event! I had a rough idea of what to expect and, like all of us when attending a conference or exhibition for the first time, I also had my own expectations. If I’m completely honest, my expectation and hope for the event was to bump into some interesting people, network and, with some luck, have discussions which lead to collaboration with individuals and organizations. This part of my expectation was fulfilled – but what I wasn’t expecting was the quality of the keynotes and the breadth of solutions on show, which were targeted specifically at Learning & Development teams who are constantly trying to raise the bar on the competences of their companies’ staff.

Two specific companies and their solutions stuck out for me:

Teach On Mars (https://teachonmars.com), who showcased a great award-winning mobile learning solution with their client Parfums Christian Dior.

Make Real (https://makereal.co.uk), who are experts at creating immersive learning experiences with the use of Virtual Reality and Augmented Reality – and for anyone who was there, yes, I did land the helicopter on the aircraft carrier at first attempt!

Aside from these great solutions on show, it did highlight for me that more and more Learning & Development teams are looking for and utilizing technical solutions to feed learning to their employees, and that in turn made me start to think about the increased cyber security risks when rolling out technical, online, connected learning platforms. In order for an online solution to work, the individual user will always have to register to ‘something’ – and the usual registration criteria are, at minimum, ‘First Name, Last Name, E-mail address’. If a hacker manages to extract all employees’ registration data from a platform, they can start their cunning phishing initiatives or all of the other devious ways of gaining access to a company’s network and sensitive data. (Last month I wrote about Cyber Security Awareness – so check out that article if you want to know more about that.)

SECURE CODING – Bear with me – don’t be scared of the word ‘CODING’ – but I do need your help to share this with your colleagues who develop your in-house solutions, apps, platforms etc.!

In this increasingly Agile and DevOps driven world, an extra emphasis has been placed on application developers building security into each phase of their projects. It is no longer enough to have code that “works” and place security on top of it. Security of an application starts with the developer having a foundational understanding of “Security by Design” best practices, and there is a frightening number of deployed solutions in the world today which have not been developed with Security by Design principles implemented. Security has been an afterthought. Kind of like building a Porsche, releasing it to the market, and then realizing your designers forgot to add locks to the doors. Doh! (add face palm emoji)

Application Developers create solutions that live on many platforms—mobile phones, tablets, personal computers, servers, the cloud—but they all do the same thing, they write code!

Whether developers are programming in C, C++, C#, Python, Java, .NET, JavaScript, HTML, Perl, or any other language, they are creating applications that are likely not “Secure by Design.” Security by Design principles can be generally applied to any language a developer is coding in.

Why should you, someone working in L&D, care about this? Well, if your L&D project is dependent on some form of online solution to roll out the content or program that your employees need to go through in order to be more knowledgeable and ultimately do their job better, you would probably be upset if all your hard work resulted in a network breach which ended up being down to insecure coding.

So, I have an ask: forward this article to your development team and tell them that if they are interested in finding out about current trends within secure application development, Security by Design and how this fits with Agile and DevOps, as well as an overview of the OWASP Top Ten, regardless of whether they code in Python, .NET, HTML5, JavaScript, or any of the other languages, then join our very own Jedi Jon for an interesting 30 minute online session.

Date: Tuesday 30th June
Time: 4pm UK Time
Registration Link: https://logicaloperations.com/csc-webinar-june-2020/

About the author – James Varnham:

James is Managing Director at Logical Operations EMEA and has had an active profile in the training and certification industry for the past 20 years. His experience has spanned the private, academic, and public sectors, where he has held international management roles. His focus now is leading his team in helping Logical Operations’ channel of training organizations, learning institutions, government departments and agencies in Europe, the Middle East, Africa and India by distributing published learning tools and resources to improve competency development. Outside of work, James’s interests are playing tennis and running as well as playing the bass – and now embarking on a motorcycle license.


©2020 Learning Professional Network
