Skip to content

Case Study Technology/Software Industry

Zoom Selects Security Journey to Drive Application Security Excellence

Security Journey Case Study Zoom

Discover how Zoom transformed their application security training with Security Journey.

Security Journey Case Study Zoom

The Company

In a short span of time, Zoom has experienced remarkable success, transitioning from a startup to a widely recognized brand. Its user base has grown exponentially.

In fact, 86% of the Fortune 100 choose Zoom (2022). As one of the leading video conferencing platforms on the market, Zoom constantly introduces new features, integrations, and capabilities.

Zoom’s development and security teams work hard to maintain top-notch security while delivering superior software to customers worldwide.

Region

North America

Number of Users

2,600

Company Size

Enterprise

Industry

Communications Technology

Case Study at a Glance

  1. The Challenge Zoom needed a new secure coding training partner for their fast-growing engineering team to support new features, integrations, and capabilities.
  2. The Solution Security Journey's AppSec Education Platform was implemented to support secure coding practices with required learning paths for new engineers, integrated vulnerability tracking, and custom yearly training refreshers.
  3. The Outcome Zoom saw an immediate return on investment after implementing Security Journey’s AppSec Education when developers proactively returned to previously completed code and addressed vulnerabilities based on what they learned in their training.

The Challenge

Security Journey Zoom Case Study

Zoom started the build phase of its application security training program in 2020 with security awareness training for its development team.

As the company and customers grew, the need for more compliant and consistent secure coding practices also grew. To meet customer requirements, Zoom needed to meet US and international requirements such as ISO27001, SOC 2, ENS, and C5 among others.

“This [AppSec] doesn’t always come naturally to developers. It’s not that they don’t want to be more secure; they just don’t always know how,” said Robert Walker, who leads Secure Software Development at Zoom.

The Zoom leadership team hired a full-time, in-house training manager to shift the developers from an awareness training program to an application security education program.

Zoom was growing its Security Champions program, reaching 200 employees. These Security Champions were ready for more advanced security training to satisfy their champion status and work to mediate security issues.

Zoom sought a new developer training solution to meet its growing needs with highly-tailored content focused on the innovative workings of Zoom’s platform.

The Solution

We're Here Every Step of the Way

After deciding to look for a new developer training solution, Zoom evaluated three application security training providers and chose Security Journey as their long-term partner.

“Security Journey was collaborative with the team at Zoom to help understand our needs and how they could help us reach our goals,” said Robert Walker. “The higher level of service from your teams really gave you an advantage.”

The new training program from Security Journey was rolled out for Zoom’s entire engineering team, including their Security Champions, who needed the deeply technical content to advance their knowledge.

“Security Journey works in that you have to actually solve problems and code,” said Robert Walker. “I think that in terms of measuring the effectiveness, Security Journey is a fantastic product.”

The team at Security Journey worked with Zoom to ensure its needs were met on a global scale. This included adding more language options and changing the default configuration to display the written transcript side-by-side with video content. This helped to improve usability for employees who do not speak English as their first language.

Zoom is successfully integrating security education into its company culture, which supports “shifting left” in its security development lifecycle.

The Results

Zoom has defined a variety of key risk indicators (KRIs) to assist with quantifying risk in its software pipeline. They monitor those KRIs on an ongoing basis to identify opportunities for improvement. Since rolling out the new application security training, the team has received overall positive feedback from engineers and developers. Their learners are engaged and find the content to be contemporary and well-presented.

“It’s taking engineers a bit longer to complete the hands-on training, which tells me that they are actually learning in order to work through the exercises,” said Robert Walker.

Zoom saw an immediate return on investment after implementing Security Journey’s AppSec Education when developers proactively returned to previously completed code and addressed potential vulnerabilities based on what they learned in their training.

Zoom will continue to grow its application security program, training developers to write secure code and prevent vulnerabilities in the growing horizon of new and developing technologies.

“It’s important to emphasize the importance of security at your organization with real action,” advises Robert Walker, “and make sure your program is relevant, practical, and meaningful to the engineers.”

Zoom's Secure Coding Training Best Practices

Learn how Zoom drives application security within their development processes.

Every developer must complete the Foundational Training Path before they are permitted to ship code.

When engineers request access to production source code repositories, Zoom uses the Security Journey API to verify that they have taken the appropriate training prior to being granted access.

Developers are required to take a yearly refresher designed to address trends in their codebase.

Zoom annually identifies training focus areas, and the experts at Security Journey help create a customized yearly refresher path for all their developers.

Ensuring training content is applicable to the developer’s projects.

The team at Zoom created customized training paths for developers based on feature areas, to deliver the right training to the right audience.

Download the Case Study

Discover how Zoom transformed their application security training with Security Journey