Skip to main content
Role-based Learning Paths

This article covers what content is available in our Recommended Role-based Learning Paths

Rachel Yonan avatar
Written by Rachel Yonan
Updated over a year ago

Role-Based Learning Paths

Security Journey offers collections of lessons carefully selected for each role involved in creating software. Each path has multiple levels of learning that build on each other progressively. These paths ensure that learners are only involved in training relevant to them, making the best use of their training time.

What roles are currently available?

  1. Business Learner

  2. Cloud Engineer

  3. Data Scientist

  4. DevSecOps

  5. Mobile Developer (Android)

  6. Mobile Developer (iOS)

  7. Native Developer

  8. Tester

  9. Privacy Engineer

  10. Web Developer (Back-end)

  11. Web Developer (Front-end)

For a closer look on what is included in these paths and their descriptions - see below.


Business Learner Path

Our Business Learner Paths are designed for individuals involved in software development, such as product managers, UX designers, system admins, and QA engineers to help them support secure development efforts.

The Business Learner training content is organized into three progressive levels:

  • Business Learner Foundational: Introduces the basics of application security, such as the different types of security vulnerabilities, the importance of secure coding practices, and the role of security testing.

  • Business Learner Intermediate: Takes a deeper dive into application security, covering threat modeling, risk assessment, and security controls.

  • Business Learner Advanced: Covers cutting-edge application security topics, such as DevSecOps, secure design, and common weaknesses.


Cloud Engineer Path

Our Cloud Engineer Path is for individuals responsible for designing, developing, and managing cloud-based systems, including architects, engineers, and other similar positions. After completing these learning paths, Cloud Engineer Learners will be enabled to use secure design principles to create secure cloud systems.

The Cloud Engineer training content is organized into three progressive levels:

  • Cloud Engineer Foundational: Covers foundational application security principles for cloud engineers.

  • Cloud Engineer Intermediate: An in-depth exploration of threat modeling, threats, and security controls for cloud engineers.

  • Cloud Engineer Advanced: Learners choose their language/technology/framework to move into more advanced topics with an opportunity to learn how to break and fix code in a real application environment:

    • AWS

    • GCP

    • Azure


Data Scientist Path

Our Data Scientist Path was designed for individuals who work in R to develop data processing pipelines, prepare analytical applications, design architecture, and create models for machine learning. Upon completing our learning paths, the Data Scientist Learner will be able to utilize secure coding principles within the SDLC to design secure applications while working in R.

The Data Scientist training content is organized into three progressive levels:

  • Data Scientist Foundational: Introduces the basics of application security, such as the different types of security vulnerabilities, the importance of secure coding practices, and the secure development lifecycle.

  • Data Scientist Intermediate: A technical deep dive into the threats and security controls relevant to data scientists, including OWASP Top 10, threat modeling, and security testing.

  • Data Scientist Advanced Path: Learners choose their language/technology/framework to move into more advanced topics with the opportunity to learn how to break and fix code in a real application environment.

    • R


DevSecOps Path

Our DevSecOps Path is designed for employees who are responsible for integrating security into the software development lifecycle, including Engineers, Release Managers, Infrastructure Engineers, and other similar roles. After completing our learning paths, DevSecOps Learners will be able to expertly identify and mitigate vulnerabilities and security threats throughout the application development lifecycle.

The DevSecOps training content is organized into three progressive levels:

  • DevSecOps Foundational: Covers foundational application security principles for DevSecOps engineers.

  • DevSecOps Intermediate: In-depth exploration of threat modeling, common security threats, security controls, and testing tools.

  • DevSecOps Advanced: Learners choose their language/technology/framework to move into more advanced topics with an opportunity to learn how to break and fix code in a real application environment:

    • Terraform

    • IaC

    • Docker Kubernetes

    • DevSecOps


Mobile Developer (Android) Path

Our Mobile Developer (Android) Path was designed for developers creating applications on Android’s operating system. After completing these learning paths, the Web Developer (Android) Learner will be better equipped to build secure applications and mitigate security threats.

The Mobile Developer (Android) training content is organized into three progressive levels:

  • Mobile Developer (Android) Foundational: Introduces the basics of application security, such as the different types of security vulnerabilities, the importance of secure coding practices, and secure design principles.

  • Mobile Developer (Android) Intermediate: Takes a deeper technical dive into topics that include threat modeling, the OWASP Top 10, and security controls relevant to Android mobile developers.

  • Mobile Developer (Android) Advanced: Learners choose their language/technology/framework to move into more advanced topics with the opportunity to learn how to break and fix code in a real application environment:

    • Kotlin

    • Java


Mobile Developer (iOS) Path

Our Mobile Developer (iOS) Path is designed for developers creating applications on Apple’s iOS system. After completing these learning paths, developers are better equipped to build secure applications and mitigate security threats.

The Mobile Developer (iOS) training content is organized into three progressive levels:

  • Mobile Developer (iOS) Foundational: Introduces the basics of application security, such as the different types of security vulnerabilities, the importance of secure coding practices, and secure design principles.

  • Mobile Developer (iOS) Intermediate: This path takes a deeper technical dive into topics that include threat modeling, the OWASP Top 10, and security controls relevant to iOS mobile developers.

  • Mobile Developer (iOS) Advanced: Learners choose their language/technology/framework to move into more advanced topics with the opportunity to learn how to break and fix code in a real application environment:

    • Swift


Native Developer Path

Our Native Developer Path is tailored to individuals who aim to create applications using specific languages, frameworks, or technologies, such as C and C++. Upon finishing these paths, learners will be able to integrate secure coding principles into their application development.

The Native Developer training content is organized into three progressive levels:

  • Native Developer Foundational: Covers foundational application security principles for native developers including different attackers, threats, and secure design.

  • Native Developer Intermediate: A technical deep dive into the threats and security controls relevant to native developers.

  • Native Developer Advanced: Learners choose their language/technology/framework to move into more advanced topics with the opportunity to learn how to break and fix code in a real application environment:

    • C++

    • C

    • Embedded


Tester Path

Our Tester Learner Path is designed for individuals who evaluate and test newly developed software applications. This includes roles such as QA, analysts, software testers, and others with similar responsibilities. Upon completing these learning paths, the Tester Learner will be equipped with the skills necessary to work effectively within the SDLC to identify and resolve vulnerabilities.

The Tester training content is organized into three progressive levels:

  • Tester Foundational: Introduces the basics of application security, such as the different types of security vulnerabilities, the importance of secure coding practices, and the threat landscape.

  • Tester Intermediate: Covers an in-depth exploration of common security threats and testing tools.

  • Tester Advanced: Learners choose their language/technology/framework to move into more advanced topics with the opportunity to learn how to break and fix code in a real application environment:

    • Web App Testing


Privacy Engineer Path

Our Privacy Engineer Path is for individuals responsible for inspecting code before deployment to assess privacy protections for personal data.

After completing this learning path, Privacy Engineers will be enabled to use secure coding principles to ensure the responsible handling of data.


The Privacy Engineer training content is organized into three progressive levels:

  • Privacy Engineer Foundational: Introduces the basics of application security, such as the different types of security vulnerabilities, the importance of secure coding practices, and the secure development lifecycle. 

  • Privacy Engineer Intermediate: A technical deep dive into the threats and security controls relevant to data scientists, including OWASP Top 10, threat modeling, and security testing. 

  • Privacy Engineer Advanced Path: Advanced application security topics covering DevSecOps, common weaknesses, testing tools, and secure design.


Web Developer Paths (Front-End / Back-End)

We offer two separate paths for web developers, based on whether they engage in front-end or back-end web development. After completing their appropriate path, developers will be able to understand security threats for the languages/frameworks/technologies they work in and have the ability to develop mitigation strategies during their software build.

Web Developer Path (Back-End)

The Web Developer Back-End Path is organized into three progressive levels:

  • Web Developer (Back-End) Foundational: Explores core concepts around application security, including understanding threats, business impact, secure development, and secure design.

  • Web Developer (Back-End) Intermediate: Takes a deeper into topics that include techniques used to build secure applications, the OWASP Top 10 for web applications, secure secrets management, and security tools.

  • Web Developer (Back-End) Advanced: Learners choose their language/technology/framework to move into more advanced topics with further opportunity to learn how to break and fix code in a real application environment:

    • C#

    • C++

    • Clojure

    • Cobal

    • Java

    • JavaScript (Node.js)

    • JavaScript (Angular)

    • JavaScript (React)

    • TypeScript (Back-End)

    • PHP (CodeIgniter)

    • PHP (Laravel)

    • PHP (Symfony)

    • Scala

    • Go

    • Python

    • Python (Django)

    • Ruby (RoR)

    • API

    • Rust

    • Perl

    • Blockchain

Web Developer Path (Front-End)

The Web Developer training content is organized into three progressive levels:

  • Web Developer (Front-End) Foundational: Explores core concepts around application security, including understanding threats, business impact, secure development, and secure design.

  • Web Developer (Front-End) Intermediate: Takes a deeper into topics that include techniques used to build secure applications, the OWASP Top 10 for web applications, secure secrets management, and security tools.

  • Web Developer (Front-End) Advanced: Learners choose their language/technology/framework to move into more advanced topics with the opportunity to continue to learn how to break and fix code in a real application environment:

    • JavaScript (Angular)

    • JavaScript (React)

    • TypeScript (Front-End)

    • ClojureScript

Did this answer your question?