Infosec Skills author Vladimir de Turckheim explains the importance of hands-on Node.js security experience
Infosec Skills instructor Vladimir de Turckheim learned the importance of hands-on experience early in his cybersecurity career.
“There is a hands-on experience gap in traditional security education. That is the reason why professionals like me have to do a lot of research before implementing concepts. Hands-on experience not only helps in developing transferable skills but also builds on problem-solving abilities,” said Vladimir.
This gap was one of the main reasons why he got into teaching, first at Mines Nancy Engineering School and ultimately building his first Infosec Skills learning path. Vladimir has taken his learnings from over 6 years of experience into the Writing Secure Code in Node.js Learning Path.
Learning web security skills
“I designed the Writing Secure Code in Node.js Learning Path for software engineers and people who are starting or moving up in the web application security field. My recommendation is to assess their skills gap by attempting the final project first, then completing the course to fill those gaps,” said Vladimir.
Vladimir’s learning path includes seven courses and a hands-on project designed to teach you how to:
- Understand web application security principles and their implication in actual Node.js codebases
- Understand the specificities of Node.js and related security issues
- Keep security top of mind when building applications
- Know how to spot issues coming from the largest open-source ecosystem in the world
- Open and use modern application security tools such as GraphQL
Vladimir’s hands-on-project includes seven challenges spread across three Node.js projects. It reinforces key concepts from his course and helps students develop hands-on web security skills.
Vladimir’s mission: fill web application security gaps
“I started teaching to fill the gaps I’ve found in the web application cybersecurity field throughout my career. My course teaches emerging web application knowledge and skills not widely covered by other training providers,” said Vladimir
“For instance, the Crucible GraphQL concept is everywhere now, but security training about GraphQL is limited. That is why I felt the need to dedicate an entire module to GraphQL security in my course. As I always say, learning just the theory is not enough. You can learn to practically implement GraphQL security through one of the challenges in my learning path’s hands-on project.”
Additional learning sources
“Learning is a continuous process. Writing blog posts or speaking at conferences and meetups is a great starting point. To keep learning, you need to master the base concept first. So generating content on the topics you’re passionate about is a great way to learn,” said Vladimir.
Here are few ideas from Vladimir to get you started on your web application security career goals:
- Learn Writing Secure Code in Node.js
- Write blog articles for websites like Medium and Infosec Resources
- Attend or participate in conferences and webinars
- Participate in security challenges like capture the flag exercises
About Vladimir de Turckheim
Vladimir works as a software engineer at Sqreen, where he builds a tool to secure web applications. Previously, he was a professional security auditor and a web developer in agencies. He is one of the most active members of the Node.js Security Working Group, where he handles Node.js’ security of Node.js and its ecosystem.
Vladimir is an official Node.js collaborator and his contributions mostly focus on the domain of security and monitoring. He also often gives talks and training to software engineers to teach them about application security.