Secure Code Warrior is a secure coding platform that sets the standards that keep our digital world safe. Pulse 2.0 interviewed Secure Code Warrior CEO Pieter Danhieux to learn more about the company.
Pieter Danhieux’s Background
What is Pieter Danhieux’s background? Danhieux said:
“My passion for computers and networks developed in high school, sparking a deep interest in the nitty-gritty, inner workings of software and hardware. I began my career in information security early in life around 1999, taking two summer intern jobs with two-factor authentication companies, and was one of the youngest people in Belgium to obtain the Certified Information Systems Security Professional (CISSP) certification. My sweet spot was in ethical hacking, as it remains to this day. Before moving to Australia, I co-founded BruCON, and spent time building CTFs with The Hex Factor. I felt inspired to pursue a whole range of other cybersecurity certificates from CISA, GCFA, GCIH, GPEN, and GWAP. I’m currently one of the select few people worldwide to hold the top certification of GIAC Security Expert (GSE).”
“It’s been quite interesting to see how my love for software and cybersecurity has led me to where I am now, as co-founder & CEO of a cyber start-up where my skills morphed from commanding computer systems to leading a company with 230 amazing employees around the world. Before starting Secure Code Warrior, I was part of the leadership at BAE Systems as head of delivery of the Applied Intelligence business unit. Before that, I worked for seven years at Ernst & Young in Europe as one of their information security experts, running a team of attack and penetration resources operating in the financial industry and telecommunication space.”
Formation Of Secure Code Warrior
How did the idea for Secure Code Warrior come together? Danhieux shared:
“Gadgets and electronics have always interested me. When I was younger, I used to spend countless hours pulling apart my family’s computers and radios and putting them back together. Even into early adulthood, my obsession entered the software realm, where I began testing its limits and finding ways to break it. I even traveled alongside 20-30 other ethical hackers who shared the same thrill of finding exploitable cracks within software. 20+ years later, I still came across one common theme: it wasn’t getting any harder to break into these systems. Decades had passed, and the same bugs were still prevalent.”
“I realized I had spent so much time training individuals to break in, but I wasn’t focused on the root of the problem. This led to a passion for empowering software engineers to proactively defend their software and stop insecure code from being introduced in the first place – ultimately allowing me to co-found Secure Code Warrior. When the company first began in 2015, I worked alongside two other full-time employees, where we worked toward our original mission statement: ‘To make the world a more secure place by developing an innovative education platform that will change the way developers behave.’”
Favorite Memory
What has been your favorite memory working for the company so far? Danhieux reflected:
“Startup life isn’t for the faint of heart, and there are many ups and downs along the way. No matter the circumstances, however, each of these moments has taught me invaluable business lessons that have helped me grow as a leader. I wouldn’t change the steps taken to get us where we are today: a thriving scale-up with a global presence, and playing an integral part in changing the conversation around developer-driven security. It has taken much tenacity to get here, but two distinct memories come to mind when I reminisce on our progress to date.”
“I distinctly remember walking the streets of Singapore (after my favorite meal, of course: black pepper crab) and being surrounded by the towering buildings and flashing neon signs of many of the big global banks. I realized most of them were our customers. For a small Australian startup, that was my “a-ha” moment that we are impacting thousands of developers around the globe. Over 600 enterprise customers utilize Secure Code Warrior’s suite of tools to enable a security-aware development team in their organization.”
Core Products
What are the company’s core products and features? Danhieux explained:
“Secure Code Warrior builds a culture of security-driven developers by helping them grow and maintain secure coding skills. Our flagship agile learning platform delivers relevant skills-based pathways, hands-on missions, and contextual tools for developers to rapidly learn, build, and apply their skills to write secure code at speed, actively reducing vulnerabilities in their codebase. The industry-first SCW Trust Score also delivers data-driven insights that quantify the impact of an enterprise’s secure coding program. With this suite of tools, security teams can:
— Scale secure coding excellence across their organization
— Build and verify application security skills
— Gain real-time security advice, and monitor skill development
Core learning and platform features include:
— Multiple Learning Activities/Pathways
Self-paced learning, customized curriculums, skill assessments, tournaments, hands-on challenges, coding labs, missions, and explanation videos
— Multiple Language and Content Options
Over 65 programming languages and frameworks, including C++, Python, Java, PHP, JavaScript, C#, and more
— Program Measurement and Benchmarking
Measure the effectiveness of your secure coding training with the SCW Trust Score. This innovative tool offers a data-driven assessment of your development team’s skills in secure coding and application security.”
Challenges Faced
What challenges have Danhieux and the team faced in building the company? Danhieux acknowledged:
“One of the most significant challenges in my sector is for organizations and CISOs to accurately measure and prove the security posture of their developer teams. For the longest time, the industry lacked a clear standard to which they could compare themselves, and this has led to a real guessing game when determining whether security training programs are producing any meaningful growth. CISOs need a way to benchmark the progress and security aptitude of their developers, which is why Secure Code Warrior developed and released our developer Trust Score.”
“Another challenge we’ve been seeing is a lack of oversight in how AI is being leveraged within developer teams. Companies need to be educated on how they can implement this technology and experiment with the very real productivity gains that AI can offer as “pair programming” partners, without sacrificing security best practices within their software development lifecycle. Outputs from AI must be evaluated by security-aware developers. Secure Code Warrior helps address this challenge by exploring the most effective ways to test developers’ practice of responsible and secure AI use.”
Evolution Of Secure Code Warrior’s Technology
How has the company’s technology evolved since launching? Danhieux noted:
“In 2023 alone, Secure Code Warrior saw tremendous growth:
— 100% growth for our annual Devlympics global secure coding tournament
— Over 400,000 developers using the Secure Code Warrior Learning Platform
— Data analyzed from 30% of our user base – almost 75,000 individuals – revealing that developers who learn and apply secure coding practices with Secure Code Warrior introduce 53% fewer vulnerabilities into their organization than their peers.”
“When thinking back to 2016, Secure Code Warrior celebrated its first full year as an organization with around 575 developers using the platform in some capacity. At that time, we had “code review” exercises in 5 programming languages. Today, we support over 60 languages/frameworks, including every language used in web, API, and embedded automotive environments. Since starting the company nine years ago, we’ve always championed software developers as the foundation of their security teams. Our product suite has grown from humble beginnings to a multifaceted, modulated ecosystem covering multiple play modes to simulate real-world scenarios. It reaches the developer through different pathways that suit their learning preferences. Our powerful range of integrations with vulnerability scanners, bug bounties, and development tools ensures the most cohesive, tailored, and effective learning experience.”
Significant Milestones
What have been some of the company’s most significant milestones? Danhieux cited:
“Last July, we closed our Series C funding round of $50 million—the largest investment since the company’s inception, bringing our total funding to over $100 million USD. We’ve leveraged this funding to accelerate our innovations and deliver new platform enhancements and offerings, which have been crucial for empowering developer and engineering teams with the skills needed to adapt to changing development environments, growing adoption of AI technologies, and emerging vulnerabilities. In 2021, we were inducted into the JPMorgan Chase & Co Hall of Innovation. The award recognizes emerging private companies who have had significant business impact and delivered innovative, enterprise-ready technology solutions to JPMorgan Chase.”
“Our most recent milestone was the release of Trust Score at the beginning of May this year. Trust Score is the first industry standard of its kind to provide a baseline of the impact of a company’s learning programs and enable security, developer, and engineering teams to collaborate more effectively and recalibrate skills training. We are also looking at future AI-powered solutions to bolster our formidable suite of products.”
Trust Score Developer Benchmark
Can you elaborate on your recent release of the “Trust Score” developer benchmark and how CISOs will be able to leverage this moving forward? Danhieux pointed out:
“Organizations are witnessing the rise of developer-driven security due to increased demand for rapid application development and a surge in lines of code produced due to AI integration. Modern CISOs need to be able to measure the effectiveness of every part of their security program, yet, to date, tangible insights into developer skill levels in security have proved elusive. We developed and launched the SCW Trust Score to be the only data-driven skill score that directly links to favorable security outcomes, and quantifies the impact of an organization’s security program.”
“A strong security program has three major components:
— Visibility of its effectiveness
— Data-driven measurement to understand how organizations compare within their industry
— Flexibility to adjust goals based on the pace and skill level of the development team”
“These standards can provide the current state of an organization’s security learning program and enable teams to optimize their performance. At the individual level, this helps developers identify what’s going well, what needs improvement and essentially helps create a learning path forward for continued growth. This will prove especially helpful as the developer role continues to evolve.”
Customer Success Stories
When asked about customer success stories, Danhieux highlighted:
“A success story that comes to mind is our most recently published case study, in which Netskope launched a developer training program through our Secure Code Warrior agile learning platform. This enabled the company to improve developer learning, application and retention of software security principles.”
“Netskope’s global developer team plays a critical role in driving new cloud security innovations. However, previous educational training programs were not producing high developer engagement, and the training efforts began to challenge productivity. The team sought a refined approach to keep up with accelerated software development demands and provide more hands-on learning experiences. In working with Secure Code Warrior, Netskope built a program that made security content visible and accessible to developers, enabling them to be security champions.”
“It’s also worth repeating that the analysis of our Learning Platform data – covering 30% of our user base, or almost 75,000 individuals using Secure Code Warrior – revealed significant productivity gains and the introduction of 53% fewer vulnerabilities into their organization than peers who do not use Secure Code Warrior to learn and apply secure coding skills. This data specifically assessed development cohorts and how they performed in terms of writing better code and the speed of fixing and identifying problems themselves.”
Differentiation From The Competition
What differentiates the company from its competition? Danhieux affirmed:
“We differentiate because we don’t measure success by how many developers have watched a video or played a challenge. We focus on tangible outcomes for the CISO, which always center around vulnerability reduction and productivity gain. That is, finally achieving what many thought was impossible: security at the speed of innovation.”
Future Company Goals
What are some of the company’s future goals? Danhieux pointed out:
“We have some very exciting innovations in the pipeline this year that will leverage the data-driven insights collected from Trust Score to create more targeted evaluations and training opportunities for developer teams, as well as enhanced measurements to compare your company’s security standing with others in the industry. We also have multiple initiatives in our pipeline that will directly address AI pair programming and the safe use of AI coding assistants.”
Additional Thoughts
Any other topics you would like to discuss? Danhieux concluded:
“Looking toward the future, AI will continue to make an impact, but we will never lose the need for human oversight of any automated tool. When I think about how the role of developers will change with AI, and how developers are currently using it to generate code, I ultimately believe that, over time, developers will write less code themselves, but they will become more focused on software architecture. Over the next year or so, developers considered “average” or below will realize that they will be replaced unless they work on refining and upskilling. They will need to start assessing their situation in terms of skills and learning opportunities.”
“If I was a developer right now, I would learn about the things that AI cannot do, or is weakened by. This understanding brings a level of impact to an organization that is invaluable. AI tools can write average code, but the technology has weaknesses in terms of performance, security and privacy. The concept of the “average” developer is entering its pilot stage: In order for developers to stay relevant in the future of AI, they will need to learn to work with AI tools, understand their inherent weaknesses, and navigate them as the master ‘pilot’ ultimately making decisions with a contextual understanding of how components are used. AI remediation itself is also in its pilot stages. That is, in addition to the tools that help write code, there are tools for code analysis to discover vulnerabilities within code.”
“Deciphering security best practices and spotting poor coding patterns—the type that can lead to exploitation—has emerged as a skill that developers must prioritize and that companies must invest in at the enterprise level. We cannot replace the critical “human touch perspective,” which provides the contextual knowledge of both the codebase and intended software usage to adequately defend against increasingly sophisticated attack techniques.”