Secure Code Training – SCT20 different this time and … it is happening!

SCT20 – different this time

This year is exceptional. We did not wish it, but the circumstances made us make changes to what and how we do things.  “Community” has always stand for cooperation, collaboration and meeting people mainly face-to-face.  In 2020 in the context of SARS-CoV-2 pandemic meeting Face-to-Face means risk; however, knowledge and awareness of the technical aspects of secure programming still matter.

Thus Secure Code Training 2020 is not cancelled; it is happening, it will be unusual, it will be different. We do not want the circumstances to dominate us, but rather use them in a way that will allow us to see and make use of opportunities that otherwise would have remained unseen.

The biggest and the most obvious change is that SCT20 will be fully remote. We work remotely and we will be learning remotely, which presents certain challenges – resolving them took some time making this year’s SCT a ‘Summer Secure Coding Training’.

Conducting a remote training is more difficult and challenging (in some ways) than a F2F one.

You do not have the direct contact with the attendees and cannot establish a mental connection with them to read subtle signals “we need a break”, “I am too fast with this part” and so on. It is more difficult to make people feel and work as a group and interact with a trainer – online and within short space of time.

Of course, many things are possible thanks to remote teleconferencing facilities but they also may create challenges of a different kind – have you seen “A Video Conference Call in Real Life”?.

SCT20 ‘Goes Remote’

So, this is what we plan to do to help us learn in a virtual environment:

  • We will test the video conferencing facilities beforehand.
  • We also included 5-10 minutes slots in a session to resolve any technical issues; if there are none – we will have more time for questions or longer breaks. To help with the technical side we will use the VC software that may also be run from the browser, and we will provide all the necessary instructions.
  • Working and learning online for long periods of time is tiring and for this reason it is hard to stay focused.  With this in mind we will have about half day of the training every day (4-5 hours) with frequent breaks. It will help the participants not to feel too tired after each session and to allow to plan the rest of the day to take care of other important work tasks.
  • We have also analyzed how to build the presentations and workshops. To help with concentration and to also make the workshop pace more fluent We will be combining theory and practice and we plan to make the switch between the two more often.
  • To make the format of the SCT more varied we have engaged an external training company to prepare and run part of SCT devoted to JavaScript security – a topic that is important for the GEANT community. To see the full details of this part of the programme click here.

We will also have our part, formatted similarly to previous SCTs. Our part will be focused on Java and will also cover some generic topics, i.e. Continuous Integration or Threat Modeling, and also topics that are independent on the used programming language. To see the full details of this part of the programme click here.

Adjusting to the new circumstances means that we had to think differently to come up with the format of the SCT that helps us to learn and work in the virtual environment, and we thought it was important to explain the reasons for a different “look and feel” of the SCT20.

SCT20 – what is new in a nutshell (and how to register)

Here is the summary of the SCT20 – new features.

  • The whole programme will be delivered live online.
  • To combat the “digital fatigue” the SCT will take place over longer period of time: Monday-Thursday 6-9 July (half days) and Monday-Wednesday next week 13-15 July (half-days). This is an equivalent of 3.5 full days (if you are attending both parts).
  • Part of the SCT programme (JavScript Security) will be delivered by an external training provider. 

The registration is open separately for

1) JavaScript Security (external training provider): 06 to 09 July (max participants – 10) Click here to register

2) SCT delivered by WP9 T2: 13 to 15 July (max participants – 16) Click here to register

You are welcome to register to one or both of the components of the programme but do not delay as number of spaces is limited!  The number of spaces is limited to allow participants and trainers to interact more.

  • We have worked hard to make SCT20 relevant and enjoyable in the online format and would like to hear whether the changes we made “work” for you, so please expect to see some additional questions in the feedback forms.

SCT20 – see you soon!

The world is changing – not always in a good direction (at least it may feel like that in the beginning), and we have to change accordingly.

We believe these differences will not discourage you from registration and participation.

See you soon… this time in a virtual training room!

For more information and registration details visit the Secure Code Team wiki or go to GLAD Calendar.

Organised by: GÉANT Project, GN4.3-wp9-T2 Supported by: GLAD, WP1 T5

Contact: glad@geant.org

Gerard Frankowski – SubTask leader WP9-T2 Software Governance and Support