S3E20: Careers in Security with Veracode Co-founder Chris Wysopal



In today’s episode of the Learn to Code With Me podcast, I talk to Chris Wysopal. Chris is the co-founder and CTO at Veracode, where he oversees technology strategy and information security.

Chris studied computer and systems engineering and became a programmer in the early days of the internet. He quickly realized there would be security challenges with the internet, so he set out to understand and address them.

In our conversation, Chris gives us an overview of the jobs available in the security industry, like DevOps and SRE (site reliability engineering). He also explains how to develop the skills to work in this field and what to be aware of when building apps. Overall, he reminds us of the importance of making sure our software is secure.

This episode was transcribed with the help of an AI transcription tool. Please forgive any typos.

Laurence Bradford 0:06
Hey, you're currently listening to Season 3 of the Learn to Code With Me podcast. I'm your host, Laurence Bradford, and this season I chat with a range of individuals who work in tech.

Laurence Bradford 0:18
Looking for a coding Bootcamp, Boston, Philadelphia based Launch Academy has helped over 500 students launch coding career since 2013. With curriculum that's updated every quarter based on hiring managers feedback and lifetime post grads support. Find out more at launchacademy.com.

Laurence Bradford 0:36
Flatiron School's online web developer program focuses on community actual development tools and features a curriculum that will teach you the skills you need to land a career as a software engineer. Get $500 off your first month by visiting flatironbootcampprep.com.

Laurence Bradford 0:53
Hey listeners, welcome to the Learn to Code With Me podcast. I'm your host, Laurence Bradford. In today's final episode in Season 3, I talk with Chris Wysopal. Chris is the co-founder and chief technology officer of Veracode where he oversees technology strategy and information security. In our conversation, we talked about the challenges tech trends create in terms of security, security issues to be aware of while you're building software applications, and the kinds of careers you can land if you're interested in pursuing paths like DevOps or Site Reliability Engineering. If you're interested in cybersecurity and related fields, this conversation is for you. Remember, you can get Show Notes for this episode, plus more information about Chris at learntocodewith.me/podcast. And if you like my conversation with Chris, make sure to subscribe on whichever podcast player you listen on. If you're feeling particularly generous, I would be super appreciative if you could leave a rating and review as well. I hope you enjoy this final episode of Season 3.

Laurence Bradford 2:02
Hey, Chris, thank you so much for coming on the show.

Chris Wysopal 2:05
Hi. It's great to be here.

Laurence Bradford 2:06
Yeah, really excited to talk to you today. I think you're the first person I ever had on the show that specializes in security. So we'll definitely get into all that. But really quick. Can you introduce yourself to the audience?

Chris Wysopal 2:17
Yeah, sure. So I'm Chris Wysopal. I'm the CTO and co-founder of Veracode, started a company 11 years ago. We're now recently acquired by CA Technologies. So we're part of CA Technologies. And so I started the company in order to help people produce more secure software. We always see that you need to patch your software, because there's a vulnerability in it. At the end of the day, that's something that could have been taken care of while the software was being built. It could have been built with more secure thinking in mind. And so what I do is I help people build secure software. So it's, you know, it's sort of right the first time, you don't need to patch it later.

Laurence Bradford 3:04
All right, awesome. And definitely, I think in the news the last several years, of course, security is always being mentioned and different kinds of hacker organizations, and even just people maybe not necessarily hacking government institutions, but I'm thinking of like the celebrities who have their iPhones hacked. So it really affects so many different facets of people's lives. But I kind of want to backtrack if you don't mind. How did you first get into the field of security?

Chris Wysopal 3:30
Yes. So um, I went to college and got a bachelor's degree in, in computer and systems engineering. So I got out of school, and I became a programmer. And I started to this was around the time that the internet was was was first, you know, becoming a public thing that you could connect to the internet. And I started researching like, what is the internet and what are the These, you know, what is a web browser? And how does that communicate and all that. And as a software developer, I started to think, Well, wait a minute, this seems like, you know, there's going to be security challenges here, because you're letting people over the network over the Internet that you don't know, connect to your computer. And that really fascinated me that that was going to be, you know, a new challenge. And I just started, you know, trying to learn learn, you know, from from books, right, because there wasn't a lot online and talking to people. And I just, I ran into some people that really were interested in also exploring security and what this meant for the new internet. So I was kind of there at the very beginning of the internet starting to think about these problems. And I guess I'm still, you know, challenged by it today.

Laurence Bradford 4:53
Yeah, I mean, I can't even imagine how much the field has changed since the early days. And what we were thinking about working with security and, you know, the 90s versus today in 2017. So, I mean, that's such a deep topic, you could probably talk for hours about that. Yeah. But if you don't mind doing a little quick overview, how have things changed for you working in security over the years?

Chris Wysopal 5:18
Yes. So it's, you know, it's, it's a, it's a huge moving target, right? Because what happens is, the vulnerabilities are in the software and the devices and the systems that, you know, people use, like, that's where the data is, and that's where the attackers want to get at it. And, and, and technology changes so quickly. So like, every few years, there's something new to learn. So, you know, I started off focusing on Unix, way, way back, even, you know, Linux, Solaris, and then as Windows became something that businesses used, I started to have to focus on Windows and, you know, how do you secure a Windows machine? How do you write a secure Windows piece of software? And then, you know, about 10 years ago, we got mobile devices. And then it was about iOS and Android. And now with moving to the cloud, it's like how do you secure your, your software where it's running in the cloud where now it's more sort of a web interface? It's, it's, it's an API that maybe a mobile app talks to. So the exciting thing is the technology always changes and with the technology, you get, you know, new, new security problems you have to solve. You say, like, Well, how do I, how do I authenticate to that? How do I use encryption there? Is there a new programming language being used, that you need to understand how to securely code with those programming languages? So it's always been changing.

Chris Wysopal 6:51
And in general, you know, the, it seems like it's kind of getting better, like we learned from the past to not make the same old mistakes, but a lot of times when things move to a new platform, we start to make the same old mistakes again. So even though we got like, maybe good at securing Unix, then Windows came along, and we need to get good at that. So for me, it's a very exciting, dynamic, you know, intellectual challenge to always be trying to secure what, you know, enterprises are using and what developers are building with. Yeah, that's super interesting. And when you're mentioning about how technology's always changing, I'm thinking about things like driving cars, and wearables and smart homes. Oh, absolutely. No, that's I didn't even mention that. But along with, that's even the latest thing, right? So it's even even, you know, brand new is, you know, people buying devices that they're connecting to their Wi-Fi network. And it just sort of talks to the cloud, right? It's like it's storing your videos up there or it's you're communicating to, so it's another, it's another vector that attackers can connect to over the network. And, like you're right with with cars, and also now with medical devices, it isn't just like, you know, playing pictures anymore or playing audio, it's actually controlling, you know, big machines or you know, potentially life threatening equipment. So it's, it's, it's, it's a challenge to think about, well, what are we going to have to do to make sure that all those things are secure?

Laurence Bradford 8:30
Yeah, I guess you're speaking I was just thinking about something like an Alexa like being hacked. how terrifying that could be. Because I feel like yeah, like Alexa is always sort of turned on always sort of picking up and overhearing background noise at home, so Oh, dear.

Chris Wysopal 8:46
Yeah, yeah. So that's one of the reasons I don't have one.

Laurence Bradford 8:50
Yeah. Oh, yes. I would love to get into that. Maybe a bit maybe a bit later. Yeah. Maybe even now. What are some like basic security things that We should be aware of, I want to say as the layman, but even as someone who's just like a web developer building websites, maybe they're freelancer, and they're making websites for clients or they work at like a design agency or digital agency, they're making a course websites for clients as well. What are some basic things to think about?

Chris Wysopal 9:15
Yeah, so if you're building like, say you're building a web app, or something like that, you know, one of the things to think about is, oftentimes, we don't, you know, we don't write all the code for our application. We, we use a lot of open source components. So you're like downloading pieces of code. If it's JavaScript, you're pulling down these JavaScript libraries or just referencing over the internet. It's, that's all part of your program. So it's, it's important to understand sort of what you're doing with these building blocks of your, of your software, and are those, those secure. The other thing is to just get, you know, this, there's some basic things that you have to get right to have a secure program. So, you know, you need to have, you know, authentication, right, you know, you need to have a secure way of your users, you know, identifying themself and, and showing that with a password or you know, some other way. And, you know, all those things you have, and you have to get that, right. You know, password resets and all that. So a lot of times you need to, you want to, you know, you want to find pieces of code that, you know, implemented that correctly, and not have to, you know, sort of write all that from scratch. Same thing with encryption, you never want to write that from scratch. So, you want to find a good, you know, good frameworks and components for the platform you're writing, whether it's, you know, JavaScript, or it's Ruby, things like that. So you have to start to think upfront, like, what, what are the frameworks and components I'm going to use to write my program and what do I know about whether those are secure or not? And that's usually typically a good starting point.

Chris Wysopal 11:01
The other part is you're going to write your code, you're going to get your application working. Another important part is security testing. Right? So how are you? How are you testing that there aren't, you know, easy to find vulnerabilities that if you put this out on the internet, the attacker is just gonna, you know, point one of their attack tools at it and, you know, scan for vulnerabilities and exploit them. So you want to think about before you publicly, you know, put the code out there so that anyone on the internet can connect to it. You want to make sure you've done proper security testing, and there's a few different, you know, ways ways to do that. That that security testing.

Laurence Bradford 11:43
Yeah, that's super interesting. And of course, it makes so much sense. As far as testing security goes so at a company, like maybe midsize to large company who is responsible for doing the security testing, testing and what kind of job description may that person have?

Chris Wysopal 11:59
Yes, so we're actually seeing that change from, from what it was in the past. So you know, sort of what it is in the past. And so the way it's always been done is there's been a security team at the company. And that security team, you know, is in charge of, you know, the firewall, and putting any kind of endpoint security on laptops and things like that. But there's typically someone on that security team, that if that company is writing code, which, you know, most companies are these days, if the, if you're writing code, that security team will usually be involved in testing it. And the way it used to be done was, you know, the developers would spend their time writing the application. And before they, they put, made the application live, whether it was something that they shipped to their customers or they uploaded to the cloud to run or they had, you know, they were running it on their own infrastructure and opening it up to the internet, no matter how it's deployed, before it was, it was, it's available to customers, the security team would then do what was called, you know, a manual penetration test where they would, you know, they would try to attack it sort of manually with a set of tools that attackers use, and sort of simulate what attackers would do. And so we're starting to see that change to more automated tools, something called static analysis, which scans the code for vulnerabilities and dynamic analysis which interacts and crawls through the whole website, and tries to attack like every form field, every input in the website. And so those, those, those more rigorous tools have come along. And what we're seeing is security team, so someone from the security team would run those tools on a piece of software. But more recently, in the last few years, we're starting to see the developers start to take charge and start to see the developers actually running those static and dynamic scanning tools themselves, and not always involved the security.

Chris Wysopal 14:18
Maybe if they had a question, or there's a finding from the testing tool that they don't understand, then they would go to the security team. But what we're starting to see is the developers are taking charge of it. And the reason they're doing this is because we're seeing we're seeing the trend is to write software and deploy it much more quickly than in the past. Things like the Agile movement, where you're, you're, you're, you have a small team that's able to write new updates to the code and maybe a few weeks, and there's just no time for a handoff to another team to then go and do that. The security testing, the developers have to do that security testing while they're writing the code. But we're seeing even more accelerated development with the movement to DevOps, and a fully automated pipeline, continuous deployment pipeline for writing code. So the developer can, you know, check in some code, it automatically gets built and automatically gets tested. And then if all the tests pass, it automatically gets deployed in production. So if you think about how, you know automated and fast that process is, there's really no time for another team to have a manual process around running some testing tools. Those testing tools have to be used by the developer and built right into their tool chain. So that's really how we're seeing security change. Right now.

Laurence Bradford 15:54
Sit tight podcast listeners, we're taking a quick break to hear a word from our sponsors.

Laurence Bradford 16:00
Does your current job bum you out? Are you learning to code on your own and find yourself getting stuck? With Launch Academy's, Boston and Philadelphia based coding boot camps, you'll learn all the skills you need to launch your career in programming and software engineering in just 10 weeks. With a cutting edge JavaScript curriculum that evolves every cohort to teach students the most current in demand skills is the quickest route to becoming a software developer. Thanks to their eight week prep program and a lifetime of postgraduate support. Launch Academy makes sure you get the job you want by continuing to teach you job prep skills after you graduate. That's why over 90% of Launch Academy graduate job seekers secure jobs as software engineers get started by attending an open house a free learn to code event or scheduling a one on one video interview. Make sure to ask about special offers for Learn to Code With Me listeners during your admissions interview. Find out more at launchacademy.com.

Laurence Bradford 17:02
Programming languages come and go, frameworks come and go. The one constant is your openness and ability to take on new information and use that to tackle the problem at hand. I learned how to learn again. And I learned how to be really comfortable with something that's brand new and I don't know what I'm doing. But let's read about it. Let's tinker with it. Let's figure it out. There's a bunch of stuff that I want to do and learn. And in Flatiron School taught me that I can get there being a lifelong learner. The most important first step to being a successful programmer for your whole career. Flatiron School, essentially prepared me to handle everything. Get $500 off your first month by visiting flatironbootcampprep.com.

Laurence Bradford 17:51
Okay, awesome. Seriously, I just learned so much. I mentioned before the call that this is an area I am not very strong in, I don't personally know a lot about. So while you did such a great job explaining, thank you, I totally understood everything you said. And there's so many things you mentioned that I want to like pull apart. Okay, so, most, most recently, you mentioned DevOps, which I know is a super in demand field. I also know I think it's very similar to Site Reliability Engineer, right. Sorry, those are kind of similar, I believe. So could you explain a bit about what this role is and why it is so in demand? And for the listeners, you may not be aware, it's actually from, from my understanding one of the highest paid tech positions, because of I think, its level of difficulty and how hard it is to find good people to fill these roles.

Chris Wysopal 18:39
Yeah, so. So as part of that, you know, sort of DevOps team, you often have, you know, you're often deploying into the cloud and applications are getting just more, more complex. It used to be an application was, you know, one, one program that ran on one machine. And that was like really simple, say it was a web server or something. And then if you needed more capacity, you just replicated that one machine, maybe had five of them and you had a load balancer in front. And it was, it was just a very simple architecture. And you didn't, you didn't run into a lot of strange problems with that simple architecture. But what we're seeing now is we're, we're, the way modern, you know, internet applications are built is they're being built with things called microservices. And they're using the web services that the cloud provider allows them to use. So a microservice, for example, is just a small program running on a machine but instead of having one big monolithic program, you have maybe a dozen or more small programs, all talking to each other to, to make the functionality of the program. And then in turn those small programs instead of like using their local disk storage or using a local database, they're going out to the cloud provider services to use, you know, an example would be like Amazon's S3 buckets to store, to store files. So they're calling out to that, what ends up happening is you end up building a very much more complex system, because you have all these moving pieces, and they have to authenticate to each other.

Chris Wysopal 20:28
They have to maybe scale up and scale down based on, on the load. You know, just imagine what's happening at Netflix, when everyone finishes dinner on the east coast and wants to watch a show. All of a sudden, they're getting 10 times the traffic that they were getting earlier. So you know, things have to scale up. And so what the Site Reliability engineer does, is make sure that all, all, all of that works and say if one of the machines goes down, the architecture is such a way that the whole system stays up. You know, no one, no one wants to see the error screen when they connect to a site on the internet. But behind the scenes, oftentimes, you'll have disk failures, you'll have network failures, you'll have machines go down, you'll have someone update one of those microservices, and there'll be a huge bug in it. And it'll be a problem. The site reliability engineer's job is to architect and plan and monitor, very important to monitor the how the system is running, to make sure that you're getting 100% uptime. So a big part of that is having the appropriate logging and monitoring of what's happening all across the system. And being able to you know, set the right alerts, that when actions need to be taken to, to maintain the reliability of the system. So it's, it's, it's really a job that's, that's come of age because we're building these hugely complex cloud applications and I can see why it's you know, in high demand and it's highly, highly compensated.

Laurence Bradford 22:07
Yeah, I can also imagine how stressful it could be via DevOps or site reliability engineer at a company like Netflix say, and there's a big premiere of a show and like the site is down, it's part of it is down, getting everyone, everyone is tweeting angrily. And yeah, so I feel like for that alone, it should be highly compensated because -

Chris Wysopal 22:26
Yeah, so what so what they do, what the reliability engineer does is they'll they'll stress the system beforehand, so stress the system, they'll see how it responds and tweak it so that hopefully there's no surprises. You know, when the new you know, the new show comes out,

Laurence Bradford 22:42
Yeah, yeah. Thank you. Thank you. Thank you for explaining that. So as you're talking about all this, I'm thinking how can a person learn these skills? Are there classes one could take Do they even teach this in college I feel like a typical or traditional computer, computer science program may not cover stuff -

Chris Wysopal 23:00
That is true, the typical Computer Science program does not cover this stuff, does not typically cover anything that has to do with securing, you know, the, the application you're building, doesn't cover, you know, a DevOps development methodology, doesn't cover Site Reliability Engineering. And this is one of those things that I kind of have a bone to pick with the way computer science is taught because it's very theoretical. You know, it's all about algorithms, and high level math, and it's not so much about actual day to day building of, of systems. So these are the kind of things that you have to search out more like online courses or books to learn these kind of things. I know for DevOps there's a great book called The DevOps Handbook. Gene Kim is the lead author, and we had all of our engineers read this at Veracode. And it really talks about, you know, how do you do DevOps? What are the benefits of DevOps, and it gets into Site Reliability Engineering a bit too. It actually gets into security too. Because I think a lot of people feel like a site reliability engineering and security are part of DevOps. So if you're going to do DevOps, you have to do those other things as well.

Laurence Bradford 24:23
Okay, got it, that was called The DevOps Handbook by Gene Kim, we'll definitely include that in the notes. And you definitely need to ask after where person could learn that because assuming that the typical Computer Science Program didn't teach that, however, are there any alternative programs? I know you mentioned information system to think to this way you studied are there, are there any, is there anything out there maybe computer science, but is that a university where people could go to, where people could go to learn?

Chris Wysopal 24:51
Yeah, I don't, I'm not sure that I know of any real university courses but there's, well, the, you know, there's a lot of writing by, you know, on, sorry, specifically up on, up on Google's site, Google kind of invented this concept, I think. And they've done a lot of writing about it. So there's a lot, there's a lot you can learn by just googling for Site Reliability engineer on, on google.com. And reading, reading some of the material that they've, they've written. For things like if you want to learn about security, we actually have a lot of articles on the Veracode website to do that. So I think in these fields, you know, it's kind of so bleeding edge, you're really kind of looking to some of the companies that are experts at it sharing, sharing some of their learnings online.

Laurence Bradford 25:46
Awesome. Got it. Thank you. So if they're, if a person wants to get into these fields, whether it's DevOps or security, Site Reliability Engineering, let's just say they do have a computer science degree or something related from college, but they never learned these particular things, how do you, like what is the best way to go about learning? I know especially there are books and courses and whatnot online. But are there junior like DevOps roles or junior security, junior security roles or Site Reliability Engineering roles that are kind of like a good entryway or maybe tangentially related roles? And then they kind of worked their way up, like the path to being on someone in DevOps?

Chris Wysopal 26:24
Yes. So I think, you know, most, most companies that are writing software, whether it's, you know, a software company, or maybe it's a, you know, a bank or something that's a big enterprise, and they're writing their own software for, you know, their online banking site or things like that, you know, places that are, that are building software. They're, they're in a transition phase now, where they have engineers that are writing applications the old way, and they have engineers that are, that are writing it with DevOps. You know, we're going through this at Veracode. Not every piece of code that we write is using DevOps methodology. But we do have teams that are using DevOps. So most, what you could do is you can get any, you can get a job at a, at a software company or an enterprise that is going through this transition, and you can kind of transition along with the company so you can get the, you know, you can say, I'm really interested in getting on to one of those new DevOps teams, and you can learn along with the other employees. I mean, a lot of this stuff is so new, that I think it kind of, an on the job training is appropriate for a lot of it.

Laurence Bradford 27:40
All right, awesome. That's good to know. So on the job training, and that it's so new, that it's kind of refreshing, or I think it kind of levels the playing field, the fact that it really isn't taught in universities and is so new that even if you are more of a beginner or something and you're getting into it, it hasn't been around terribly long. So it's like everyone is sort of new?

Chris Wysopal 28:01
No, exactly, exactly, not this, if someone says they have like 10 years of DevOps experience, you have to really, you know, funny because, you know, at most people who are doing it, I've only been doing it for a couple years at most. So it's, it's a, it's, it's exciting to learn and I think just, you know, getting a job where the company says, Yeah, we're, we're moving down that path, that would be the kind of job that, you know, you could, you could take if you were interested in learning it.

Laurence Bradford 28:29
Alright, nice, nice. Okay, so we talked about a ton of stuff today, which is totally awesome. There's one question I also have for you. And I'm not even sure if this is an appropriate question to ask, if it's even accurate, I don't know. But I again mentioned before the call I do writing, I interview different people who work in cybersecurity and related and I hear these different terms like chief security officer, data protection officer and things of that nature. What is kind the differences and maybe in the past for someone who wants to go down the securing web applications, which I think would be more the site reliability and the DevOps, and then versus someone who's more so interested in protecting, like the data that the company is collecting from users.

Chris Wysopal 29:16
Yeah. So on the security side, we call, typically call them, you know, Application Security consultants, or sometimes they're called, you know, a, you know, manual penetration tester if they're doing it manually. And to get, to get, you know, those, you know, though, those people are the ones that help the developers secure, you know, secure their software. And oftentimes, they, you know, usually they're actually former developers because they have to be able to talk to developers, understand things at the code level. So they're really developers that were then interested in security and learned, learned from there, they started as developers. Someone who's like a, you know, a data protection officer, you know, they're really focused on, you know, encryption of the data. And then you know, access control, like who has access to the data. And a lot of times they're, you know, sort of thinking about privacy policy and like, what, what data can we let certain people look at, and, and that, that, that role is, you know, a lot of it is around access control and privacy and in like that. If you're, you know, someone who's a chief information security officer, that's more of an executive position that really needs to be able to communicate with the other executives in the company and talk about why, you know, security is important to protect the brand of the company, to protect the company from getting fined if it's in a regulated industry.

Chris Wysopal 31:02
So this "seaso" is usually how CISO is pronounced. You know, it's talking with the CTO who's building software, they're talking to the, the, the, you know, the general counsel, about maybe about compliance, oftentimes are talking with the suppliers of the company, the people who are, you know, in procurement, because, you know, if you have a supplier that's supplying a service to the company, that means your company's data might be out, you know, in the cloud, in some SaaS company's environment. So the CISO really is someone who's not really, you know, down in the weeds doing coding, they're more dealing with the business risk problems of the company. So, you know, you can see people take a career path of starting off as, you know, a network security person or an application security person, as they grow in their career, and maybe they grow into management, maybe they want to go into a more CISO role. They want to do that or they might want to stay, you know, doing, you know, more of the hardcore, you know, coding level work. So it's a, it's a pretty big, pretty big field.

Laurence Bradford 32:14
Yes. And the other one I forgot to mention Oh, and thank you for clarifying How to Pronounce c so I was saying c so I think because I never actually maybe heard anyone say it out loud or I never I never made the connection but in any event, CIO, right, Chief Information Officer.

Chris Wysopal 32:30
C-I-O, CIO, Chief Information Officer, that's someone who is really in charge of all the IT systems of the company but also often these days has to deal with, you know, procuring services, because there's less infrastructure running at companies now where you're, you know, you're downloading and installing software on, you know, in your data center. More and more, you're going over the internet, you're using applications like, you know, like Salesforce, things like that. So the CIO is typically in charge of making sure that the infrastructure is working, the network is up, the email is working, you know, everyone's got their laptop. And from a security perspective, they often, you know, can overlap a bit, you know, making sure all the systems are patched. You know, Windows Update is running and things are configured securely. So, sometimes the CIO ends up doing a little bit of the security work. That's more of the sort of the day to day, making sure laptops and servers are secure, but their real responsibility is making sure the infrastructure is there so the business can leverage IT technology to work.

Laurence Bradford 33:49
Awesome. I just want to thank you again, so much, Chris, for coming on the show. You're about like the 16th person to come on and, okay, yeah, for the first time ever talking about security, DevOps and related career paths in such detail. So I just want to thank you for that. And finally, I would love if you can let the audience know where people could find you online.

Chris Wysopal 34:10
Yeah, sure. So, I am pretty prolific on Twitter. So Twitter is probably the best place. My Twitter name is @W-E-L-D-P-O-N-D. So that's a good place to see me. And I'm often talking about, you know, Application Security topics and DevOps topics and how we need to embed security into the development process. So that's, that's, that's a big focus of, of what about what I what I tweet about.

Laurence Bradford 34:43
Awesome, thank you so much again, for coming on.

Chris Wysopal 34:45
Thank you so much.

Laurence Bradford 34:52
I hope you enjoyed our conversation. Again, the Show Notes for this episode can be found at learntocodewith.me/podcast. If you're listening to this episode in the future, simply click the Search icon in the upper navigation and type in Chris's name. That's spelled like C-H-R-I-S, and his last name W-Y-S-O-P-A-L. This is the final episode of Season 3 of the show. But don't worry, because Season 4 is already in the works. I'll be back with another round of interesting and inspiring guests in the fall. In the meantime, make sure you're subscribed to the show on whichever podcast platform you're listening on. This way you'll be the first to know when Season 4 launches. And there are plenty of other ways to get your fix of coding inspiration and advice while I'm gone. The easiest way is to go to learntocodewith.me and enter your email address in the form at the top of the page. I'll send you my 10 Tips for Teaching Yourself How to Code and also let you know when I publish a new blog post or come across another useful resource. I also write regular tech articles for Forbes, which you can find at learntocodewith.me/Forbes. Thank you once again for tuning in to Season 3 of the podcast. I've learned so much from our guests, and I hope you have a great summer implementing what you've learned, improving your skills, and I'll be back in the fall. Bye!

Key takeaways:

  • As technology changes, it creates new security problems that must be addressed.
  • When you create software, be mindful of the code you don’t write yourself, such as open source components. It’s important to understand what that code is doing and to make sure it’s secure.
  • Be particularly careful when it comes to authentication and encryption. Ask yourself which frameworks and components you’ll need and whether or not they’re secure.
  • Do security testing before you release any software. Consider how you’ll test it for easy-to-find vulnerabilities.
  • If you’re interested in a career in security, read books about it and look to companies that are experts at it.

Thanks for listening!

Thanks so much for tuning in! Remember, you can listen to the Learn to Code With Me podcast on the following platforms:

  1. The LTCWM website (https://learntocodewith.me/podcast/)
  2. iTunes
  3. Overcast
  4. Stitcher
  5. iHeartRadio

If you have a few extra minutes, please rate and review the show in iTunes. Ratings and reviews are extremely helpful when it comes to the ranking of the show. I would really, really appreciate it!

Special thanks to this episode’s sponsors

Launch Academy: Looking for a coding bootcamp? Boston- and Philadelphia-based Launch Academy has helped over 500 students launch coding careers since 2013, with a curriculum that’s updated every quarter based on hiring managers’ feedback and lifetime postgrad support. Find out more at launchacademy.com.

Flatiron School: Flatiron School offers an online web developer program with a focus on community, actual development tools, and a curriculum that will teach you the skills you need to land a career as a developer. Visit flatironbootcampprep.com to get an amazing $500 off your first month.