
Case Study Technology/Marketing Automation

A Leading Marketing Automation Company Takes Secure Coding Best Practice To Another Level


Take a Page From This Company’s Secure Code Training Playbook


The Company

This best-in-class company is an established leader in the cross-channel marketing industry. They work with more than 1,000 retailers and brands, providing leading-edge SMS, email, identity resolution, and behavioral marketing solutions. The company embraces the importance of secure applications which protect their customers’ data.

Case Study at a Glance

  1. The Challenge: This marketing automation company needed secure coding training that covered both offensive and defensive secure coding.
  2. The Solution: Security Journey's AppSec Education Platform, based on proven learning science principles, was used to create training that helped developers understand the 'how' and 'why' of application security.
  3. The Outcome: The company’s developers not only become absorbed in the program, but also learn new tactics to apply to their applications.

The Challenge


Many of the company’s developers hadn’t had much exposure to the offensive side of secure coding. The company knew they needed a training solution that offered offensive and defensive lessons to equip their developers with the skills to go after vulnerabilities by teaching them to think like hackers.

After exploring their options, the company came to Security Journey because they met the company’s extensive list of requirements.

“We didn’t find anything else on the market that taught both offense and defense that was worthwhile. The other solutions’ offensive content seemed trivial. We stopped looking at any other products after we found Security Journey.”

The company was looking for a truly hands-on training approach that offered enough relevant content to plan and schedule a 12-month training plan that wouldn’t be redundant or boring. Their training requirements were:

  • Offensive and Defensive Training - They believed teaching developers how exploits are executed and how to prevent them would be more effective and memorable than simply teaching them how to fix vulnerabilities.
  • Engaging Hands-On Approach - The company appreciated that our claim of hands-on literally meant their developers had to write secure code.
  • Extensive Training Library with Digestible Lessons - The company wanted the lessons to be brief and focused on making the best use of developer time but still enabling them to learn multiple topics each month.
  • Capture-The-Flag (CTF) Events - With the help of their Security Journey Customer Success Manager, a custom training plan was developed that taught concepts included in a hacking challenge mid-year.

“Security Journey made it easy to set up and run the hackathon. Our customer success manager helped tremendously and gave us a roadmap that matched the hacking challenge to the lessons that the developers had already completed.”

The Solution

We're Here Every Step of the Way

Because the marketing automation company’s leaders have extensive development experience, they know what it takes to run a successful secure coding program. They applied learning science principles to create their developers’ training schedules for 2021 and into 2022, understanding the importance of repetition in building long-term memory. They wanted their developers to know not just the ‘how’ of secure code but also the ‘why’.

“Early on in the training program, developers questioned why they needed to learn offensive techniques, which opened up the conversation amongst their peers and with our security team. I was happy to explain the importance of understanding how hackers exploit code and how it improves skills in finding and fixing vulnerabilities.”

Another page in their best-practice playbook was time. The Director of Information Security was mindful of the hour per month his team had available to dedicate to secure coding training, which meant bite-sized yet robust lessons were imperative. Because Security Journey lessons take only 20 to 30 minutes to complete, his team could get through at least two, if not three, in that hour.

Every month is a different theme with two to three lessons, again being respectful of their developers’ limited spare time. However, during their first year using our platform, the developers were so engrossed they worked ahead of schedule. Many completed the lessons far before the due date.

Next, the company will be covering many of the same topics to reinforce the training already completed and will add newly released lessons as well.


The Results

“Your content is worthwhile, and we see that you’ve already added to it since we started. We have no reason to look anywhere else.”

Initially, a secure coding program was a hard sell, and some developers were concerned that their progress or scores would impact their growth within the organization. However, the leaders recognized how important it was to communicate the main objective of the training: improve security knowledge. They made sure to alleviate their developers’ fears, which led to a successful training program. 

Because the content teaches practical skills, the company’s developers not only become absorbed in the program, but also learn new tactics to apply to their applications. By replicating last year’s lessons for the current year, the company’s holistic approach to repetition means those developers will retain the information long-term. For future sessions, the marketing automation company is considering integrating their SAST and DAST tools to create adaptive training that will focus specifically on vulnerabilities within their organization.
