Location: London, UK
Number Of Developers: 100+
Solutions: Continuous Learning, Regular Workshops, Onboarding
Skyscanner is a leading travel marketplace and metasearch engine, enabling millions of users to look for and book flights, accommodation, and car-hire all over the world. Founded in 2003, Skyscanner has come a long way and evolved into a global brand with more than 1000 employees across the globe. Their mission is to lead the transformation to modern and sustainable travel.
Data security is taken extremely seriously at Skyscanner. At the company, developers needed to learn more about insufficient monitoring, missing or incomplete input data validation, and the use of libraries with known vulnerabilities. To make sure that their data is well protected, Skyscanner security team leaders decided to organize workshops for software engineers and developers. The main goal of these workshops is to raise security awareness, learn about vulnerabilities, and build a mindset that contributes to overall data security. Ultimately, Skyscanner aims to encourage engineers to consider security from the beginning when they are designing new features.
Depending on the target audience, three main types of workshops were implemented: regular onboarding workshops for newcomers (5-15 people), team-focused workshops for groups (15-20 people), workshops for Security Champions (approximately 60 people), and an engineering-wide workshop (open to all engineers, more than 100 people).
“Avatao has many attractive features, particularly the hands-on exercises combined with reading materials make it easier to bring concepts to practice.”
Sandra Guasch Castelló
Senior Security Engineer, Skyscanner
By using Avatao, Skyscanner is provided with continuous security training for developers, as the first pillar of a security-conscious culture. With optional attendance at the workshops, software engineers and security champions were able to find the exercises that fit their skills the best. As an example, a 1.5-hour workshop was scheduled, with content broken down into 4 modules, focused on 4 different topics, and with a variable number of exercises (7-17), including tutorials and challenges at different difficulty levels. At the beginning of the workshop, 2 people provided a brief explanation of the basics of the platform. Then people were encouraged to choose a module to start with, and join other colleagues working on the same exercises in a separate online call. People were able to continue with the exercises after the workshop. The self-guided nature of Avatao’s challenges allowed participants to complete the exercises as they fit their schedule.
The overall reception of Avatao’s training was very positive. Exercises related to recent security breaches, and topics such as Java, Python or web technologies were the most popular ones among the participants. The exercises gave developers a great way to improve their security skills. Skyscanner will continue to use Avatao to reinforce their developers’ knowledge against security threats to come. Specifically, Skyscanner plans to set up regular workshops in the future for specific teams focused on vulnerabilities found in their systems, combined with some theory prior to having the workshop.