Applying Learning Science Principles to Secure Code Training

Jared Ablon
5 min read · Jun 7, 2021

Originally posted:

Everyone knows the old adage: You can lead a horse to water but you can’t make it drink, and this is certainly applicable when it comes to self-directed learning through computer-based training programs. But if learning is the goal — and it is a critical one in the field of cybersecurity, where breaches cost enterprise companies an average of $3.92 million — you’ll probably want to do everything you can to increase the likelihood of that horse taking a swig.

That’s where Learning Science comes in. Did you know there’s a whole field of academic study dedicated to using science to understand what makes learning more effective, and that thousands of scholars have been contributing to the body of knowledge for over 100 years? It started back in 1899, when William James wrote an essay called “Talks to Teachers,” which melded psychological principles with the practice of education. Since then, the field has grown in scope to encompass the ever-expanding bodies of knowledge in cognitive psychology and data science. As of 2021, there has been so much research on the topic, tested to the height of scientific possibility using cutting-edge experimental design technology, that we can almost use the word “proven” to describe the learning science principles that have emerged over the years.

Here at HackEDU, learning science principles have been the cornerstone of our approach to secure code training. Below, we highlight the top seven Learning Science Principles based on the largest contemporary body of knowledge from Carnegie Mellon University, and explain how we incorporate each one into our training program.

Prior Knowledge Affects Learning

When it comes to computer programming, developers are coming to the table with wildly varying experiences and beliefs around secure coding practices; as we pointed out in our 2021 Vulnerabilities Benchmark Report, half of all developers are starting off with no formal training at all. Accurately gauging the level of prior knowledge to determine a starting point is critical to shape individualized curricula that aren’t boring or too hard. This is why we offer an…

Jared Ablon

Co-founder and CEO of HackEDU. Previously a CISO. 15 years in cybersecurity.