Learning Science Principles in AppSec Education: Your Key to Success

Rolling out an employee training program requires commitment across the board. Stakeholders at all levels want to see a return on investment to justify the budget and time required by these programs. 

And while no outcome is ever guaranteed, your training program stands a far greater chance of success when it is built on a solid foundation. One cornerstone of this foundation is a curriculum designed around proven factors that drive knowledge gain, learning retention, and behavior change. 


What is Learning Science?

Learning science is a multi-disciplinary field that studies the factors and influences that help people learn best. Learning science methodologies can be implemented by curriculum designers to build courses and lessons that help learners – especially adult learners – achieve greater success.  

The Security Journey training platform was built on proven learning science principles and methodologies that focus on adult learners and their unique needs. Every lesson, path, and exercise in our secure coding training program is structured to give learners the right conditions to optimize their ability to retain and apply new knowledge and skills.  

The platform also leverages the Kirkpatrick Model to structure courses and assess training effectiveness. This includes our proprietary Learning Swing functionality that allows learners to self-assess their knowledge level before and after each lesson.   

Leveraging learning science is a proven way to guide adult learners to success. 


What are Learning Science Principles?

Building any training curriculum means adhering to some common principles of learning science, including those listed below. These principles rely on powerful instructional design concepts and methods that educational professionals have developed and refined over decades of research and study. These strategies are proven to help teach and reinforce new knowledge and skills. 

Research conducted at Carnegie Mellon University incorporated these key principles in a modern business setting. The research focused specifically on cybersecurity education and proved that following these principles was a successful way to teach learners how to protect themselves from cyber-attacks.

For our platform, we adapted this proven training strategy to meet the needs of developers and the people they work with to create secure software.      

Secure Coding Learning Science Principles

Short, bite-sized lessons 

Keep each lesson short, less than 30 minutes. This lets learners focus on small pieces of information their minds can easily digest and retain. Most of our lessons are shorter than 15 minutes, allowing learners to tackle assignments around their day-to-day workloads. 

Conceptual and procedural knowledge 

Define big ideas, then follow up with the opportunity for hands-on practice to apply new knowledge. This helps learners internalize it. For secure coding training, this means the opportunity to break and fix code in a safe, secure application sandbox. 

Contextual training 

Give learners a familiar environment to work in – like a development environment that incorporates the tools, languages, frameworks, and issues they face each day. This makes learning feel more realistic. The more learning mimics real life, the more engaged learners will be. 

Practice while learning 

Offer opportunities for learners to put their new knowledge and skills into practice during their training sessions. This is a terrific way for learners to internalize and refine new skills in real time. Our hands-on exercises for developers in a live sandbox environment provide that opportunity.

Immediate feedback 

Explain what learners did right – and what still needs to be worked on. This feedback is invaluable and helps bridge knowledge gaps in real time. For developers, that means immediate feedback is provided upon code submission. For all learners, quizzes following each lesson reinforce knowledge gain.

Continuous training 

Provide learners with training opportunities throughout the year. This keeps security top of mind from January through December. One-and-done training is never the solution for application security. Keeping learners learning throughout the year reinforces knowledge and builds a security culture. 

To experience our learning science principle-based education in action, try our training today.