Matias Madou is the co-founder and CTO of Secure Code Warrior. As coronavirus rages on and the pandemic hits businesses worldwide, we were lucky enough to sit down and talk to him about the importance of secure code, why learning coding can actually be fun and why he is on a mission to make the world of coding safe from the start, for everyone’s security.
Read the interview below to discover it for yourself.
Can you give me an overview of Secure Code Warrior and what differentiates you from other companies in the market?
We are really targeting developers and organisations. Security is sometimes regarded as negative and we want to be positive, we want to help the developer. We tend to work well in large organisations because we have a very scalable solution. We have a SaaS solution. The way we do that is we give relevant security training.
How do you make it relevant to the developers’ expertise?
We do hands-on training. Name a programming language and we have it. It makes it super relevant for large organisations, because who knows how many languages they are programming in at large organisations. If you have 10,00 developers it’s impossible to know what they are working on.
So, you do that through your courses?
If we land an organisation, say Zoom, for example, they look inside and say ‘we really want to focus on this category of problems’, what we can do with courses is that we can tailor this even more towards an organisation like Zoom or another big organisation.
We can say we really want to focus on ‘this’ and we’re going to send it out on what they’re doing on a day-to-day basis. The course will take them through step by step in their language, in their chosen framework. Our objective for the day is to eliminate a particular category and this is the problem and this is how you solve it.
What types of organisations are you working with mainly?
We work with large organisations, especially where the bits are money. For instance, if you’re a bank, the bits are actual money, so they take security very seriously. Our initial target was financial institutions. It’s the reason we started with languages like Java and .NET because that meant we were able to focus on the financial institutions.
But then we brought in our language coverage and we added more languages for embedded systems and more for technology.
What effects has that had on your business?
Lately, what we’ve been doing is focusing on infrastructure as code languages. We have all the traditional languages and we are getting closer and closer, the way we deploy everything is programmed.
So we added language and training modules into the infrastructure as code languages, like CloudFormation, Terraform, Docker, Ansible, and Kubernetes. We added those training modules, and this gives us reach to a new type of company, the kind that is kind of cutting edge.
Everybody is using it but not everybody is using it in the right way so we tend to get into a category where companies move from the waterfall mechanism, to agile and eventually to DevOps. We have managed to land the type of organisations that are really cutting edge in terms of how you create something.
During COVID, have you seen a greater rise in the use of your services?
Everything is now digital. There are no longer in-person conferences, which means that we do more of these digital conferences and it’s quite interesting, and I think there are more developers attending these digital conferences. If you don’t have to go to a place, it’s easier to chip in and we have seen an uptake in participation.
We have something called tournament mode, where you essentially participate in solving these riddles and learning about security and learning about writing secure code. You score points and you do that in a language and framework of your choice. You play against each other, score some points and ultimately at the end of the day you can win some prizes. It’s a fun and engaging way to learn about software and writing secure code.
We have seen an uptake in participation when we host these tournaments and we can tell because we can see a lot more developers are active.
Why do you think your platform is growing in popularity recently?
I don’t know what the exact reason is. My personal one is that I think because they no longer have to commute, they work from home. They look for something new and something interesting, and they tend to land on our platform and check out what we are doing because the way we approach the problem is in a positive way, with some gamification elements to make it fun and interesting.
What’s the ethos of Secure Code Warrior, do you want to improve general coding, or create an education platform for a select group of developers?
One thing I see is that there is a natural progression for developers. Developers, when you’re learning about coding, you miss a semicolon and it’s syntactical; once you went through it you start thinking about algorithms and you think, ‘how do I program?’
Then you start to think about how does this whole system fit together? Then eventually, you start to think, ‘how are people misusing my code from a security perspective?’
Do you think security is the most important part of coding?
The thing that I see is that people who have an interest in security, tend to be top-notch developers because they went through all the stages of being a developer. It’s the end-stage. So, my suggestion for people who are developers is to learn about security because you will be higher ranked than other people. That’s one thing.
What’s the second thing?
The second thing is, depending on which outlet you follow, there are 50 million developers on planet earth and they are all writing code. They are all somewhere in that stage, they can be a beginner or a top-notch developer. Our goal is to make sure the only code that they write is secure code, it should not be misused. Today, we’ve got 150,00 people on our platform but we’ve still got a long way to go to reach all of the other developers and till they write secure code. So, our ultimate goal is to make sure that they write secure code, every single developer in the entire world.
Do you have a story from working in the security business that you would like to share?
I started my career at Ghent University pursuing a Ph.D. in application security. With that degree, I actually moved to the US and I joined a company. What they were doing was trying to find problems in code. They were really good at finding vulnerabilities in code and bringing it back to the developer.
It took me a while to realise, I was there for seven years, but at the end of it I was like, jeez, that’s a really good business model because you’re finding problems in code but you’re never telling the developer how to write secure code in the first place. So, of course, you’re going to find problems in the code, it’s a given. It’s like asking someone to build a race bike and once it’s built, you say now I’m going to steal that bike and guess what, you know you’re going to be able to steal that bike. I asked, ‘What’s the root cause of the problem? It’s code? Who’s writing the code?’ It’s developers!
What are we doing? Well, from a security perspective we’re either hammering the developers and saying no! Bad, bad! Or we’re building initial walls around code or we’re building code on top of code. I was like, maybe we should start with the root cause of this problem – which is the developer writing code. How can we help him and not be the stopper and blocker? That’s what security has been for the last 10-15 years. Stop, bad, no. So that’s why we started Secure Code Warrior, we want to help the developer because it is him who creates these bits and bytes that will eventually become working software.