Everyone should know secure coding principles, says Chrys Thorsen
Infosec Skills instructor Chrys Thorsen says the increased use of apps, cloud computing and the internet of things is changing IT and the need for IT and security professionals to know secure coding concepts, standards and best practices.
As an IT and cybersecurity professional who has earned 40 different IT and security certifications, Thorsen is applying her experience as a certified technical trainer and developed three new learning paths for Infosec Skills:
- Writing secure code in iOS
- Writing secure code in Android (releasing soon)
- CertNexus cyber secure coder
FREE role-guided training plans
A quickly changing cybersecurity landscape
Thorsen says the average developer in history was always adding security as an afterthought. If they spent a little more time with security in mind, apps and users' data would be much more secure and less likely to leak private information.
"This is what I try to instill in these learning paths — writing code that is hopefully simpler, cleaner and more secure," she said. "The financial and healthcare sectors are leading the way in this and providing some best practices."
Thorsen is leading teams into the DevOps (development operations) and cloud infrastructure space in her role as a CIS admin for a large federal government agency.
"IT and security are moving away from nuts and bolts and more towards using software-based, software-managed networking — and using the scripting languages, especially, to do that," she said. "IT and security professionals need to add to their skills. These courses will help them do that and continue to be on the cutting edge."
Learning from an IT leader
Like many top IT professionals, Thorsen has decades of experience on the infrastructure side of the industry, and she's now focused on managing software development projects and helping train the next generation of IT and security professionals.
She says the distinctions between infrastructure specialists and developers are being erased with DevOps. Starting now, all infrastructure people should understand the basics of coding, and all developers should understand the infrastructure around what they're coding.
"My primary strength is I'm a trainer," she said. "If you want to talk about network security, infrastructure security, pentesting and white hat hacking, that's my wheelhouse. And that's some of what you'll learn in these learning paths."
She added that everyone should have some level of familiarity with coding to write scripts to automate their testing.
"You don't need to be an expert, but you do have to know how to read code and be able to look at something and understand what's going on," Thorsen said. "These learning paths will show you how it's done. Then you'll be examining code and fixing it and writing secure code."
Writing secure code in iOS and Android
Learning paths for the two most-used mobile device operating systems — iOS and Android — are packed with practical tips, tricks and lessons in writing secure code that Thorsen has learned during the past 20 years. She has written the learning paths for beginning developers, but intermediate and advanced developers also will benefit.
In both courses, you will learn about secure code, examine source code and find weaknesses and vulnerabilities, and then learn how to fix the code and test it. The iOS learning path focuses on Swift, Apple's new programming language, and teaches best practices for addressing the most common iOS app security mistakes. You will also learn the limits of Swift as a secure language and how to compensate for those limits.
Both learning paths cover all known significant vulnerabilities and teach how to research and identify unknown upcoming vulnerabilities. Thorsen said that after the courses, you'd automatically be including secure code as you develop.
"First, I lecture on the principle and the why, and then I show examples in code, and I talk about, 'OK, here's where it's done.' Then we have labs where students download and open code to examine it, conduct testing and make security changes like adding a password checker."
Roughly half of each learning path involves hands-on labs for Android and iOS, putting into practice what was discussed first in theory, then shown in examples.
"They build the app in an emulator so that you don't have to have the hardware like an iPhone or Android device. They try it themselves and learn by doing it together," she added.
The iOS learning path contains seven courses and more than 25 hours of material, including topics like input validation, memory corruption, encryption, access control and protecting data and software integrity.
Thorsen is putting the final touches on the Android learning path, which will be released soon.
A solid resume polisher
Thorsen says these learning paths could open up new job opportunities in places where people's data is at risk.
"If you're going to lead a team, or if you're going to be a developer for a company that cares about security, like a financial or health firm that builds their own apps, they're going to care about security. If you're a developer or do any type of quality assurance, you've got to be able to look at code, and that's a big added value," she said.
FREE role-guided training plans
"There will be organizations that are really serious about security and secure coding. It will never hurt you, and it will probably always help you in a job interview to say, 'I'm not only a developer, but I'm a secure coder.'"
She and her team recently developed an app in Android and iOS that allows people in a developing country in Africa to conduct banking and access financial products. She also worked with a multinational financial company with 40,000 IT employees that pioneers apps and financial services dependent on secure code.
"They're super serious about security, and they do lots of quality assurance. So the opportunities are out there and will only increase in coming years."
Get unlimited and self-paced training for you or teams in your organization with Infosec Skills.
- 190+ role-guided learning paths
- 100s of hands-on labs & cyber ranges
- Custom certification practice exams
In this Series
- Everyone should know secure coding principles, says Chrys Thorsen
- Top-paying cybersecurity jobs and salary trends for 2024
- The importance of IT certifications in boosting your career
- Understanding the role of a network engineer in IT
- The role of the chief information officer (CIO) in cybersecurity
- What is a network engineer and how to become one?
- What does a system administrator do and how to become one?
- Cyber security hiring: Tips and best practices
- Cybersecurity soft skills: Career benefits of public speaking
- CompTIA Data+ certification: Opening doors to new careers
- Surviving cybersecurity burnout: Tips from industry experts
- How to make a mid-career change to cybersecurity
- 7 top security certifications you should have in 2024
- The Changing Role of the Modern SOC
- Discover the top 5 information security management certifications
- CySA+ versus CASP+: Is the CySA+ good enough for a career in cybersecurity?
- The best cybersecurity jobs in 2023: Trends, roles and salaries
- Top 10 penetration testing certifications for security professionals (2023)
- How to land an entry-level cybersecurity job: Essential skills and certifications
- 133 cyber security training courses you can take now — for free
- Breaking down barriers: How to make cybersecurity more inclusive and diverse
- Computer forensics interview questions
- The digital security forensic analyst salary guide
- Applying linguistics to cybersecurity: The journey of Jade Brown, a 2022 Infosec Scholarship winner
- The Path to “Career 4.0”: Amy Bonus leverages humanities, FinTech experience to bring Cybersecurity to the layperson
- Security engineer: Degree vs. certification
- Cybersecurity engineer: CyberSeek
- Infosec Accelerate Scholarship winner highlights essential qualities of a successful cybersecurity professional
- Career skills, imposter syndrome and intelligence-led pentesting | From the Cyber Work desk
- Cloud security engineer interview questions and answers
- Prior preparation results in a big payoff for Jason Mondragon, an Army veteran transitioning into cybersecurity
- Infosec scholarship winner Kandice Kucharczyk salutes her mentors as she sets her sights high
- Which CompTIA cert is right for you: Security+, PenTest+, CySA+ or CASP+? [updated 2023]
- How VetsInTech and Infosec Laid the Path to Gaurav Panta’s New IT Career
- Infosec 2022 scholarship winner Anthony Torres: Bringing the Marine Corps ethos to the cyber domain
- Infosec Scholarship winner Chris Chisholm knows the power of service and diversity in cybersecurity
- Betta Lyon Delsordo, Infosec scholarship 2022 winner, is a true life-long learner
- A veteran transitions from military medical logistics to multi-national security analyst
- An Army National Guard member fast tracks his cybersecurity career transition with VetsinTech
- How a career harnessing Navy nuclear energy can power a transition to a Security+ certification
- What is a cloud administrator? Essential roles and skills
- Security control mapping: Connecting MITRE ATT&CK to NIST 800-53
- Should you take the CCSP/SSCP before the CISSP? [updated 2022]
- (ISC)² certifications: The ultimate guide [updated 2022]
- CCSP vs. Cloud+ [updated 2022]
- Data architect: The ultimate career guide
- The ultimate guide to ISACA certifications: Overview & career paths [updated 2022]
- I failed IAPP’s CIPP/C certification. Here’s how I recovered
- How learning to be "Always Flexible" helped a Marine in earning the Security+ certification
- How to learn and pass your next certification exam
- Mission accomplished: How one army veteran turned neurobiologist moved into cybersecurity
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Professional development
Professional development
Professional development
Professional development
The role of the chief information officer (CIO) in cybersecurity