
Python Security for Data Analysts & Quants training course

Python-focused “Security-First Best Practices” course tailored for Quants, Data Analysts and Traders who build small Python apps, scripts, tools, or APIs inside a bank.


"Our tailored course provided a well rounded introduction and also covered some intermediate level topics that we needed to know. Clive gave us some best practice ideas and tips to take away. Fast paced but the instructor never lost any of the delegates"

Brian Leek, Data Analyst, May 2022

Public Courses

05/01/26 - 1 day - £2250 +VAT
16/02/26 - 1 day - £2250 +VAT
30/03/26 - 1 day - £2250 +VAT

Customised Courses

* Train a team
* Tailor content
* Flex dates
From £1200 / day

  • Explore why security is critical when building custom Python tools and how real-world failures happen.
  • Learn essential Python secure-coding fundamentals to build safer applications from the start.
  • Understand the big three Python threats—injection, unsafe deserialization, and arbitrary code execution—and how to defend against them.
  • Apply secure practices for handling, storing, and transferring sensitive data within Python workflows.
  • Utilise proper secrets management and modern authentication methods to eliminate risky hard-coding.
  • Evaluate dependency risks, environment isolation, and deployment security to avoid supply-chain and packaging threats.
  • Enhance your security posture in Jupyter and other interactive environments by following notebook-specific best practices.
  • Review a practical secure-coding checklist to reinforce learning and guide future Python development.

Module 1 — Why Security Matters for Desk-Built Python Tools

Key Topics:

  • How small quant/analyst scripts create enterprise-level exposure
  • Model theft and model IP protection; market data and API security, including rate limiting
  • Real examples of spreadsheet/Python notebook breaches
  • Data classification: market data, client data, PII, trading logic
  • Regulatory context (e.g., GDPR, FCA, internal audit requirements)
  • MiFID II record-keeping requirements and EU DORA ICT risk management requirements
  • “Shadow IT” and why Python tools often bypass security controls

Takeaway:

  • Learners understand why security applies to them, not just developers.

Module 2 — Python Secure Coding Fundamentals 

Key Topics:

  • The Least Privilege Principle in code & data access
  • Input validation for parameters, files, CSV uploads, API inputs
  • Safe error handling and avoiding information leakage
  • Creating safe defaults (timeouts, retries, limited file access)
  • Logging without exposing sensitive data

Practical Red Flags:

  • Printing credentials during debugging
  • Exposing stack traces to internal users
  • Using “temporary” shortcuts that become permanent in production
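
The three habits this module asks for, as an added example that is not part of the course material: a logging filter that masks credentials before any handler writes them, strict validation of an uploaded trade CSV, and an error boundary that answers the user with a safe message while the full trace goes to the internal log only. The secret patterns, the three-column schema, the ISIN check and the limits are constructed for the demo; a desk tool would tune them to its own data.

```python
from __future__ import annotations

import csv
import io
import logging
import re

# Added example for Module 2, not course material. Secret patterns, the column schema
# and the limits are constructed for the demo.

_SECRET_PATTERNS = [
    # "Bearer <token>" from a request header pasted into a log line
    (re.compile(r"(?i)(bearer\s+)[a-z0-9\-._~+/]+=*"), r"\1[REDACTED]"),
    # key=value or key: value pairs for the usual credential names
    (re.compile(r"(?i)((?:api[_-]?key|token|password|secret)\s*[=:]\s*)[^\s,;]+"),
     r"\1[REDACTED]"),
]


def redact(text: str) -> str:
    """Mask credential-looking fragments in any string before it leaves the process."""
    for pattern, replacement in _SECRET_PATTERNS:
        text = pattern.sub(replacement, text)
    return text


class RedactingFilter(logging.Filter):
    """Rewrites every record before handlers format it, so no handler can leak the raw text."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()  # already interpolated above
        return True


def capture_log(message: str) -> str:
    """Log one line through the filter and return the text a file handler would have written."""
    buffer = io.StringIO()
    logger = logging.getLogger("desk_tool")
    logger.handlers.clear()
    logger.filters.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(buffer)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    logger.addFilter(RedactingFilter())
    logger.info(message)
    return buffer.getvalue().strip()


class ValidationError(ValueError):
    """Input problems whose message is safe to show back to the user."""


EXPECTED_COLUMNS = ("isin", "quantity", "price")  # constructed schema for the demo
ISIN_RE = re.compile(r"[A-Z]{2}[A-Z0-9]{9}[0-9]")
MAX_ROWS = 10_000


def load_trades(csv_text: str) -> list[dict]:
    """Parse an uploaded trade file, accepting only the exact schema and sane value ranges."""
    reader = csv.DictReader(io.StringIO(csv_text))
    if tuple(reader.fieldnames or ()) != EXPECTED_COLUMNS:
        raise ValidationError(
            f"unexpected columns {reader.fieldnames}, expected {list(EXPECTED_COLUMNS)}")
    rows = []
    for n, row in enumerate(reader, start=1):
        if n > MAX_ROWS:
            raise ValidationError(f"more than {MAX_ROWS} rows")
        if not ISIN_RE.fullmatch(row["isin"] or ""):
            raise ValidationError(f"row {n}: ISIN is not well formed")
        try:
            quantity, price = int(row["quantity"]), float(row["price"])
        except (TypeError, ValueError):
            raise ValidationError(f"row {n}: quantity and price must be numeric") from None
        if not (0 < quantity <= 10_000_000 and 0 < price < 1_000_000):  # also rejects NaN/inf
            raise ValidationError(f"row {n}: value outside the accepted range")
        rows.append({"isin": row["isin"], "quantity": quantity, "price": price})
    return rows


def run_upload(csv_text: str, logger: logging.Logger | None = None) -> tuple[bool, str]:
    """Validation messages go back to the user; anything else is logged in full and summarised."""
    logger = logger or logging.getLogger("desk_tool")
    try:
        rows = load_trades(csv_text)
        return True, f"loaded {len(rows)} trade rows"
    except ValidationError as exc:
        return False, f"input rejected: {exc}"
    except Exception:  # deliberate catch-all at the user-facing boundary
        logger.exception("trade upload failed")  # full trace stays in the internal log
        return False, "internal error; the failure has been logged"
```

The filter is attached to the logger rather than to one handler on purpose: a second handler added later (a console handler during debugging, say) still receives the redacted record. The `ValidationError` split is what lets the error boundary stay generic without hiding useful feedback: anything raised as `ValidationError` was written to be shown, everything else is treated as a bug and summarised.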

Module 3 — The Big Three Python Threats: Injection, Deserialization, Execution 

1. Injection Attacks

  • SQL injection through string formatting
  • Safe use of parameterized queries
  • Injection through Pandas query() or notebook widgets

2. Deserialization Risks

  • pickle / joblib loading untrusted data
  • Malicious objects executing on load
  • Safer alternatives (json, yaml.safe_load, protobuf)

3. Arbitrary Code Execution

  • Why eval, exec, and dynamic imports are dangerous
  • Unsafe shelling-out (os.system, subprocess with shell=True)
  • How attackers can escalate through seemingly harmless inputs

Hands-On Exercise:

  • Fixing vulnerabilities in a short Python example script.
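
The big three side by side, as an added example that is not the course's exercise script: each vulnerable call next to its hardened replacement. The in-memory SQLite table, the malicious pickle and the hostile inputs are constructed for the demo; the attacker callable that the pickle invokes only records that it ran, where a real payload would call os.system.

```python
from __future__ import annotations

import ast
import io
import pickle
import sqlite3
import subprocess
import sys

# Added example for Module 3, not course material. Table, payload and inputs are
# constructed for the demo.


def demo_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE trades (id INTEGER, book TEXT, notional REAL)")
    db.executemany("INSERT INTO trades VALUES (?, ?, ?)",
                   [(1, "RATES", 1e6), (2, "FX", 2.5e6), (3, "RATES", 4e5)])
    return db


# 1. Injection
def trade_ids_vulnerable(db: sqlite3.Connection, book: str) -> list[int]:
    # book = "' OR '1'='1" turns the WHERE clause into a tautology and returns every row
    rows = db.execute(f"SELECT id FROM trades WHERE book = '{book}'").fetchall()
    return [r[0] for r in rows]


def trade_ids(db: sqlite3.Connection, book: str) -> list[int]:
    # the value travels separately from the statement; quotes inside it cannot change the SQL
    rows = db.execute("SELECT id FROM trades WHERE book = ?", (book,)).fetchall()
    return [r[0] for r in rows]


# 2. Deserialisation
EXECUTED: list[str] = []


def attacker_hook(tag: str) -> str:
    """Stand-in for os.system: records that it ran instead of running a command."""
    EXECUTED.append(tag)
    return tag


class MaliciousModel:
    # Unpickling calls whatever __reduce__ names, before any "model" object exists
    def __reduce__(self):
        return (attacker_hook, ("pwned",))


def malicious_payload() -> bytes:
    return pickle.dumps(MaliciousModel())


def benign_payload() -> bytes:
    return pickle.dumps({"weights": [0.1, 0.2]})  # plain data, no globals referenced


def load_model_vulnerable(blob: bytes):
    return pickle.loads(blob)  # joblib.load behaves the same way


class RefusingUnpickler(pickle.Unpickler):
    """Resolves no globals at all: pure-data pickles still load, a __reduce__ payload cannot."""

    def find_class(self, module: str, name: str):
        raise pickle.UnpicklingError(f"refusing to import {module}.{name} from untrusted pickle")


def load_model_restricted(blob: bytes) -> tuple[bool, object]:
    try:
        return True, RefusingUnpickler(io.BytesIO(blob)).load()
    except pickle.UnpicklingError as exc:
        return False, str(exc)


# 3. Arbitrary code execution
def parse_parameter_vulnerable(text: str):
    return eval(text)  # "__import__('os').system('...')" runs with the tool's privileges


def parse_parameter(text: str) -> tuple[bool, object]:
    """Accepts Python literals only (numbers, strings, lists, dicts); code is rejected."""
    try:
        return True, ast.literal_eval(text)
    except (ValueError, SyntaxError) as exc:
        return False, f"rejected: {type(exc).__name__}"


def export_command_vulnerable(filename: str) -> str:
    # handed to os.system or shell=True, "report.csv; rm -rf ~" becomes two commands
    return f"cp {filename} /exports/"


def export_command(filename: str) -> list[str]:
    # for subprocess.run(export_command(name), check=True): one argument, no shell
    return ["cp", "--", filename, "/exports/"]


def echo_argument(filename: str) -> str:
    """Argument-list form: the child sees the string verbatim, no shell interprets it."""
    result = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1])", filename],
        capture_output=True, text=True, check=True)
    return result.stdout.rstrip("\n")
```

The unpickler above refuses every global, which is the right default for a blob that arrived from outside the desk: if a model genuinely needs numpy or sklearn classes, the trustworthy fix is to keep the pickle inside a trust boundary you control (signed artefact store, checksum you recorded at save time), not to allowlist a few classes and hope the payload needs one you forgot.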

Module 4 — Protecting Data: Secure Handling, Storage, and Movement 

Key Topics:

  • Handling of client data, trade data, PII
  • Preventing data leakage through logs, temp files, notebooks
  • Encryption in transit: using HTTPS, certificates
  • Avoiding local file dumps and shared drive exposure
  • Sanitizing output before sending to business users or clients

Scenario Discussion:

  • What happens if a quant tool produces a CSV with unintended sensitive columns?
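
One answer to the scenario question, as an added example rather than course material: the export path keeps only the columns approved for the recipient, so a frame that picked up client identifiers along the way cannot leak them; a join key that downstream genuinely needs leaves only as a keyed pseudonym, and the caller gets back the list of what was dropped so the near miss is visible. The audiences, column names, sample rows and HMAC key are constructed for the demo.

```python
from __future__ import annotations

import csv
import hashlib
import hmac
import io
import os

# Added example for Module 4, not course material. Audiences, columns, rows and key
# are constructed for the demo.

APPROVED_COLUMNS = {
    "client_report": ["trade_date", "isin", "quantity", "price"],
    "risk_team": ["trade_date", "isin", "quantity", "price", "client_ref"],
}
PSEUDONYMISED = {"client_id": "client_ref"}  # raw id never leaves; a keyed hash of it may

SAMPLE_EXPORT = (
    "trade_date,isin,quantity,price,client_id,client_name,trader_email\n"
    "2024-05-01,US0378331005,100,189.5,C001,Acme Ltd,[email protected]\n"
)


def pseudonym(value: str, key: bytes) -> str:
    """HMAC, not a plain hash: without the key, a list of known client ids cannot be run
    through the same function to reverse the mapping."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]


def sanitise_export(csv_text: str, audience: str, key: bytes) -> tuple[str, list[str]]:
    """Return (clean CSV text, columns that were dropped). An unknown audience raises
    KeyError: no approved list means nothing is exported."""
    reader = csv.DictReader(io.StringIO(csv_text))
    source_columns = list(reader.fieldnames or [])
    allowed = APPROVED_COLUMNS[audience]
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=allowed, lineterminator="\n")
    writer.writeheader()
    for row in reader:
        clean = {}
        for col in allowed:
            if col in row:
                clean[col] = row[col]
            else:
                # a derived column: fill it from its raw source if that is present
                raw = next((r for r, derived in PSEUDONYMISED.items() if derived == col), None)
                clean[col] = pseudonym(row[raw], key) if raw in row else ""
        writer.writerow(clean)
    dropped = [c for c in source_columns if c not in allowed]
    return out.getvalue(), dropped


def write_private(path: str, text: str) -> None:
    """Create the output with owner-only permissions and refuse to overwrite an existing
    file, so a predictable name in a shared or temp directory cannot be pre-planted or
    read by other users of the box."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(text)
```

An allowlist is used rather than a denylist of sensitive names because the failure mode of the scenario is exactly a column nobody anticipated; with an allowlist, an unanticipated column is dropped by default and shows up in `dropped`, where a log line or a review can catch it.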

Module 5 — Secrets Management & Authentication 

Key Topics:

  • Never hardcoding credentials (API keys, DB passwords)
  • Secure use of environment variables
  • Using the bank’s secret manager or credential vault
  • Key rotation & lifecycle
  • Risks of storing secrets in notebooks or git repos

Practical Red Flags:

  • Jupyter notebooks uploaded with visible credentials
  • Python scripts emailed with embedded tokens

Module 6 — Dependencies, Environments & Deployment Risks 

Key Topics:

  • Why dependency risks matter even for small Python tools
  • Using internal package repositories only
  • Pinning versions (requirements.txt, pip freeze)
  • Known vulnerabilities (CVE scanning)
  • Conda/venv isolation
  • Risks of running untrusted open-source packages

Practical Example:

  • A popular ML library compromise — how supply-chain vulnerabilities arise.
  • Supply-chain security, typosquatting attacks and vetting third-party libraries.
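
A pre-install check over a requirements file, added here as an example and not part of the course material. It covers the module's mechanical points in one pass: packages not pinned to an exact version, entries without a `--hash`, an index URL that is not the bank's mirror, and names within a short edit distance of a well-known package, which is the shape of a typosquatting attempt. The mirror URL, the well-known list and the sample file are constructed for the demo; a real check would use the internal package allowlist.

```python
from __future__ import annotations

import re

# Added example for Module 6, not course material. Mirror URL, well-known list and
# sample file are constructed for the demo.

INTERNAL_INDEX = "https://pypi.internal.example/simple"  # hypothetical mirror
WELL_KNOWN = ["numpy", "pandas", "requests", "scipy", "matplotlib", "scikit-learn", "pyyaml"]
NAME_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*(.*)$")

SAMPLE_REQUIREMENTS = """\
--index-url https://pypi.org/simple
numpy==1.26.4 --hash=sha256:0123456789abcdef
pandas>=2.0          # floats to whatever is newest on install day
reqeusts==2.31.0 --hash=sha256:fedcba9876543210
scikit_learn==1.4.2 --hash=sha256:abcdef0123456789
"""


def canonical(name: str) -> str:
    """PEP 503 normalisation: case-insensitive, any run of -_. is a single hyphen."""
    return re.sub(r"[-_.]+", "-", name).lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance by the usual row-by-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def typosquat_candidate(name: str) -> str | None:
    """The well-known package this name is suspiciously close to, if any."""
    if name in WELL_KNOWN:
        return None
    for known in WELL_KNOWN:
        if edit_distance(name, known) <= 2:
            return known
    return None


def check_requirements(text: str) -> list[str]:
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith(("--index-url", "--extra-index-url", "-i ")):
            url = line.split(maxsplit=1)[1] if " " in line else line.split("=", 1)[-1]
            if not url.startswith(INTERNAL_INDEX):
                findings.append(f"line {lineno}: index {url} is not the internal mirror")
            continue
        if line.startswith("-"):
            findings.append(f"line {lineno}: option {line!r} needs review")
            continue
        match = NAME_RE.match(line)
        if not match:
            findings.append(f"line {lineno}: could not parse {line!r}")
            continue
        name, spec = canonical(match.group(1)), match.group(3)
        pinned = re.match(r"={2,3}\s*[0-9A-Za-z.!+]+", spec) and ".*" not in spec
        if not pinned:
            findings.append(f"line {lineno}: {name} is not pinned to an exact version ({spec or 'no specifier'})")
        if "--hash=" not in spec:
            findings.append(f"line {lineno}: {name} has no --hash, so pip cannot verify the download")
        squat = typosquat_candidate(name)
        if squat:
            findings.append(f"line {lineno}: {name} looks like a typo of {squat}; confirm it is intended")
    return findings
```

Run it before `pip install`; `pip install --require-hashes -r requirements.txt` then turns the missing-hash finding into an install-time error rather than a warning. The CVE side of the module is a separate step over the resolved environment (pip-audit or the bank's scanner), because a pinned, hashed dependency can still be a vulnerable one.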

Module 7 — Jupyter Notebook & Interactive Tool Security 

Key Topics:

  • Notebooks as attack surfaces
  • Removing sensitive output before sharing
  • Preventing user-supplied code execution in widgets
  • Converting notebooks safely to HTML/PDF
  • Output caching and hidden cell risks

Red Flags:

  • Notebooks stored on shared drives with embedded datasets
  • “Accidental” model dumps containing client identifiers

Module 8 — Lightweight Threat Modeling for Python Tools (30 min)

Key Topics:

  • Identifying what your code connects to (data sources & systems)
  • Mapping trust boundaries
  • Asking “What could go wrong?” before releasing a tool
  • Quick 5-question security check for every script/app
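
Back to Module 7's "removing sensitive output before sharing" and "hidden cell risks": the share-time pass below is an added example, not course material. It strips every output and execution count from an .ipynb document, drops embedded markdown attachments, and reports cells that were hidden in the notebook UI but whose source still sits in the JSON, which is the part a recipient opening the raw file will read. The notebook is constructed for the demo; the functions operate on any nbformat 4 document.

```python
from __future__ import annotations

import copy
import json

# Added example for Module 7, not course material. The notebook is constructed for the demo.

SAMPLE_NOTEBOOK = {
    "nbformat": 4, "nbformat_minor": 5, "metadata": {},
    "cells": [
        {"cell_type": "code", "execution_count": 3, "metadata": {},
         "source": ["df = load_positions(client='C001')\n", "df.head()"],
         "outputs": [{"output_type": "execute_result", "execution_count": 3, "metadata": {},
                      "data": {"text/plain": ["client_id  notional\nC001  1500000"]}}]},
        {"cell_type": "code", "execution_count": 4,
         "metadata": {"jupyter": {"source_hidden": True}},
         "source": ["conn = connect(password=os.environ['DB_PASSWORD'])"],
         "outputs": []},
        {"cell_type": "markdown", "metadata": {}, "source": ["## Results"],
         "attachments": {"chart.png": {"image/png": "iVBORw0KGgo="}}},
    ],
}
SAMPLE_NOTEBOOK_TEXT = json.dumps(SAMPLE_NOTEBOOK)


def scrub_notebook(nb: dict) -> tuple[dict, list[str]]:
    """Return a copy safe to share plus a report of what was removed or still needs a look."""
    clean = copy.deepcopy(nb)
    report = []
    for idx, cell in enumerate(clean.get("cells", [])):
        if cell.get("cell_type") == "code":
            outputs = cell.get("outputs", [])
            if outputs:
                kinds = {k for o in outputs for k in o.get("data", {})}
                kinds |= {o["output_type"] for o in outputs if "data" not in o}
                report.append(f"cell {idx}: removed {len(outputs)} output(s) ({', '.join(sorted(kinds))})")
            cell["outputs"] = []
            cell["execution_count"] = None
        if cell.pop("attachments", None):
            report.append(f"cell {idx}: removed embedded attachments")
        meta = cell.get("metadata", {})
        jupyter = meta.get("jupyter", {})
        hidden = (jupyter.get("source_hidden") or jupyter.get("outputs_hidden")
                  or any("hide" in t or "remove" in t for t in meta.get("tags", [])))
        if hidden:
            report.append(f"cell {idx}: hidden in the UI but still present in the file; review or delete it")
    return clean, report


def scrub_notebook_text(text: str) -> tuple[str, list[str]]:
    """Same pass over the raw file contents, as read from and written back to disk."""
    clean, report = scrub_notebook(json.loads(text))
    return json.dumps(clean, indent=1), report
```

Run this on the copy you are about to send or convert, not on the working notebook, and run it before any HTML or PDF export, since the converter renders whatever outputs are still in the file. For the git side of the same problem, nbstripout as a clean filter keeps outputs out of the repository automatically; it does not report hidden cells, which is why the pass above lists them for a human to decide on.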

Module 9 — Secure Coding Checklist & Final Review 

Learners receive a Python-specific, desk-friendly checklist:

  • Am I accepting untrusted input?
  • Am I using any dynamic execution (eval/exec)?
  • Are secrets exposed anywhere?
  • Does the script access more data than needed?
  • Are dependencies safe and version-pinned?
  • Could logs or errors leak sensitive information?
  • Have I documented known assumptions and risks?

OPTIONAL: Hands-On Assessment (20–30 min)

  • A short secure-code review exercise using a flawed Python script.
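
The mechanical questions on the checklist (dynamic execution, unsafe deserialisation, shelling out, credentials assigned or printed as literals, which are also Module 5's red flags) can be answered by a short `ast` pass before a human reads the script. The reviewer below is an added example, not the course's assessment exercise; the flawed script it runs on is constructed for the demo, and it takes a notebook's code cells just as well if their sources are joined into one string.

```python
from __future__ import annotations

import ast
import re

# Added example for Module 9's checklist and Module 5's red flags, not course material.
# The flawed script is constructed for the demo.

SECRET_NAME_RE = re.compile(r"(?i)(api[_-]?key|secret|passw(or)?d|token)")

FLAWED_SCRIPT = '''\
import os, pickle, subprocess, yaml
API_KEY = "sk-live-0123456789"
cfg = yaml.load(open("desk.yml"))
model = pickle.load(open(os.environ.get("MODEL_PATH", "model.pkl"), "rb"))
params = eval(input("params: "))
subprocess.run(f"report --book {params['book']}", shell=True)
print("debug", API_KEY)
conn = connect(user="quant", password="Tr4d3r!")
safe = yaml.load(open("desk.yml"), Loader=yaml.SafeLoader)
'''


def dotted(node: ast.AST) -> str:
    """'pickle.load' for an Attribute chain, 'eval' for a bare Name, '' for anything else."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        return f"{dotted(node.value)}.{node.attr}"
    return ""


def _is_literal_str(node: ast.AST | None) -> bool:
    return isinstance(node, ast.Constant) and isinstance(node.value, str) and bool(node.value)


class DeskReview(ast.NodeVisitor):
    def __init__(self) -> None:
        self.findings: list[str] = []

    def flag(self, node: ast.AST, message: str) -> None:
        self.findings.append(f"line {node.lineno}: {message}")

    def visit_Call(self, node: ast.Call) -> None:
        callee = dotted(node.func)
        kwargs = {k.arg: k.value for k in node.keywords if k.arg}
        shell = kwargs.get("shell")
        if callee in ("eval", "exec", "__import__"):
            self.flag(node, f"{callee}() runs whatever it is given; use ast.literal_eval or a dispatch table")
        elif callee in ("pickle.load", "pickle.loads", "joblib.load"):
            self.flag(node, f"{callee} executes code embedded in the data; load only pickles you produced, or use JSON")
        elif callee == "yaml.load" and dotted(kwargs.get("Loader", ast.Constant(""))) != "yaml.SafeLoader":
            self.flag(node, "yaml.load without SafeLoader builds arbitrary objects; use yaml.safe_load")
        elif callee == "os.system" or (callee.startswith("subprocess.")
                                       and isinstance(shell, ast.Constant) and shell.value is True):
            self.flag(node, f"{callee} goes through a shell; pass an argument list to subprocess.run")
        elif callee == "print" and any(SECRET_NAME_RE.search(n.id)
                                       for a in node.args for n in ast.walk(a) if isinstance(n, ast.Name)):
            self.flag(node, "print() of a credential-looking variable; remove before sharing")
        for name, value in kwargs.items():
            if SECRET_NAME_RE.search(name) and _is_literal_str(value):
                self.flag(node, f"literal passed as {name}=...; read it from the vault or the environment")
        self.generic_visit(node)

    def visit_Assign(self, node: ast.Assign) -> None:
        if _is_literal_str(node.value):
            for target in node.targets:
                if SECRET_NAME_RE.search(dotted(target)):
                    self.flag(node, f"hard-coded value assigned to {dotted(target)}; move it to the secret manager")
        self.generic_visit(node)


def review_source(source: str) -> list[str]:
    """Findings as 'line N: ...' strings; an empty list means the mechanical checks pass."""
    reviewer = DeskReview()
    reviewer.visit(ast.parse(source))
    return reviewer.findings
```

An empty result answers only the mechanical questions; "does the script access more data than needed" and "have I documented known assumptions and risks" still need the person who wrote the tool, which is why the checklist keeps them as questions rather than rules.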

 


  • Python Developers
  • Software Engineers
  • Security Professionals (SecDevOps)
  • Software Architects
  • Data Scientists & Machine Learning Engineers
  • Quality Assurance Engineers
  • Developers Transitioning to Security
  • Ethical Hackers and Penetration Testers
  • Project Managers and Product Owners

Average rating: 4.8 out of 5



“JBI did a great job of customizing their syllabus to suit our business needs and also bringing our team up to speed on the current best practices. Our teams varied widely in terms of experience and the Instructor handled this particularly well - very impressive”

Brian F, Team Lead, RBS, Data Analysis Course, 20 April 2022

 

 


This course provides a practical introduction to why security is essential when building custom Python tools, supported by real-world examples of what can go wrong. You’ll learn core Python secure-coding fundamentals and gain a clear understanding of major threats such as injection, unsafe deserialization, and arbitrary code execution. Through hands-on guidance, you’ll apply best practices for handling, storing, and moving sensitive data safely within Python workflows.

The course also covers modern secrets management and authentication approaches that eliminate dangerous hard-coded credentials. You’ll evaluate dependency and environment risks to avoid supply-chain vulnerabilities and strengthen deployment security. Additional modules focus on staying safe within Jupyter and other interactive environments. Finally, you’ll leave with a practical secure-coding checklist to support ongoing, secure Python development.

CONTACT
+44 (0)20 8446 7555

[email protected]

 

Copyright © 2025 JBI Training. All Rights Reserved.
JB International Training Ltd  -  Company Registration Number: 08458005
Registered Address: Wohl Enterprise Hub, 2B Redbourne Avenue, London, N3 2BS

