It is imperative as a scaling cloud-based company to have a constant focus on security. That’s how I landed the Security Program Manager job here at Coveo a couple of years ago, and how my colleague Maxime Coquerel followed a little bit later. In a company with a fast-paced mentality, it’s a great challenge for our team to do our job whilst being the least disruptive to our colleagues. Max and I live through these different growth phases at an incredible pace here at Coveo, and we don’t want our co-workers to think of security as a burden. Since we are clearly not the kind of team to refuse a challenge (much like the rest of Coveo… it must be something in the water), we wanted to find a creative, fun and participative approach to security awareness.
We targeted a few members of the R&D (big shout out to Frederic Boutin) with affinities towards security and met with them to get their input on how we could do this. Their feedback was unanimous: we need to press the competitive button in every developer’s mind and have them test their hacking skills on their fellows’ code. Next thing you know, we were all set for Coveo’s first Hack-a-day!
Akin to the format of a hackathon, the security team held a presentation a few days before the big day to showcase a few live demos of hacking exploits and vulnerabilities. There’s nothing better than to put everyone in the “swordfish” state of mind. We got plenty of suggestions, attack strategies, and got to test a few interesting tools. We demystified the whole challenge and ensured that all participants were thrilled about it.
Then on the big day, it was time to become “one-day Hackers” and get our magic going on our own products. The room was packed with all-star developers from all trades (front-end and UI, back-end services, etc.) that shared the same leitmotiv: looking for vulnerabilities, exploits or any other issues! What was even more incredible was the way the team came together. We expected to have several teams in competition but after a few hours, we realized it was one large team who worked together and helped each other out! We had a great team lunch, and there was definitely a lot of caffeine (and theine) involved.
This initiative was a clear success on multiple fronts. We turned a serious matter into a fun, hands-on team building experience. The bond was strengthened between developers and we got to discover each other’s pieces of code at the same time.
And since I know you’re dying to know… yes, we discovered issues and fixed them quickly after! We expected nothing less from our world-class team. I chatted with a few colleagues (for the first time) once the Hack-a-day was over, and it was evident that our efforts have changed their perception of writing and reviewing code in the future. That’s definitely the outcome we wanted!
We didn’t give away special prizes during the day, but let’s say the biggest perk for the participants is the “get out of the annual security awareness training session” card we handed out to them over a beer at happy hour.
Since it was a big success, we are going to make this an annual event for sure, probably more than once a year! We’ll continue to improve by building some hype and enhancing the format to generate even more participation next time around. We’ll keep you posted on the second edition too!