Cyber Security. 24.04.26

Intrepid Travel

How the travel experts made secure development second nature

  Intrepid Travel and The Missing Link.

 

The business: Where purpose meets digital scale

Intrepid Travel leads the world in purpose-driven tourism, taking thousands of people to more than 100 countries every year, and their small-group adventures prioritise local connections and low-impact travel. Intrepid is also a Certified B Corp company on a mission to create positive change through the joy of travel. 

That mission relies on robust, secure digital systems. From bookings and itineraries to operational logistics, Intrepid depends on fast, secure and reliable infrastructure to deliver seamless travel experiences at scale.

The challenge: A growing gap between speed and security

Like many tourism businesses, Intrepid faced major disruption during the COVID-19 pandemic. As the business rebounded and demand surged, digital platforms became even more critical. They enabled customer experiences, operational delivery and brand protection in an environment of increasing cybersecurity threats.

These pressures made security a business priority, especially as customer expectations, reputational risk and attack surfaces continued to grow.

While security already played a key role at Intrepid, the team saw a need to apply secure design principles earlier and more consistently in the development lifecycle. Developers needed targeted training to understand how they might introduce risks and how to reduce them through everyday decisions.

At the same time, the company recognised the opportunity to strengthen internal capability and give development teams clearer guidance for building more secure applications.

soparnik_horizontal2 - CopyDelivering seamless travel experiences depends on secure development behind the scenes. 

The engagement: Turning security into a shared capability

Intrepid engaged The Missing Link to deliver a tailored approach to secure development. The focus was on building capability through training that worked across multiple time zones and fit existing ways of working.

The Missing Link developed a scenario-based Application Security Training program, including Fundamentals of Secure Design, aligned to Intrepid’s tech stack and workflows. The content helped developers recognise, discuss and mitigate risks in the context of real-world projects.

Delivered in a blended format, the program combined in-person and virtual sessions and focused on shifting mindset. Developers learned to think like attackers, understand how vulnerabilities emerge and make better design decisions earlier in the process. It also equipped them to identify attack surfaces and avoid insecure coding patterns before code reached production.

The training covered key topics such as:

      • Threat modelling and how to apply it

      • Authentication, authorisation and session management 

      • Secure handling of encryption

      • Input validation and sanitisation

      • OWASP Top 10 and SANS Top 25 vulnerabilities 

 For Intrepid, the impact was clear: 

"The training made security real for our developers and gave them a clearer understanding of what they need to consider as they design and build."

Samantha Kelly, General Manager, Infrastructure and Security, Intrepid Travel

The outcome: Security that shows up in how teams build

Intrepid’s development teams now consider security much earlier in the software lifecycle. Secure design is part of planning, not a post-release concern. Developers apply secure thinking more consistently and refer to industry-recognised security resources like OWASP and CWE in their day-to-day work.

The impact goes beyond process. The training helped bridge the knowledge gap between development and security, building a clearer, shared understanding of secure development across teams. It also contributed to improving the organisation’s overall security posture and supported its ongoing alignment with security frameworks that better suit its business needs.

For Intrepid, this shift delivered more than secure code. It embedded security into everyday decision-making and supported a stronger, more consistent security culture across the organisation.

What made the difference: Why this approach worked

Intrepid chose The Missing Link for its transparent and practical approach. Rather than delivering off-the-shelf training, The Missing Link tailored the program to Intrepid’s environment, working closely with internal teams to embed security thinking in a way that aligned with how they already built software.

By investing in developer capability and closing a knowledge gap, Intrepid built a stronger internal security foundation and set itself up for long-term resilience.

 

Author

Louise Wallace

As a Content Marketing Specialist at The Missing Link, I turn technical insights into engaging stories that help businesses navigate the world of IT, cybersecurity, and automation. With a strong background in content strategy and digital marketing, I specialise in making complex topics accessible, relevant, and valuable to our audience. My passion for storytelling is driven by a belief that great content connects, educates, and inspires. When I’m not crafting compelling narratives, I’m exploring new cultures, diving into literature, or seeking out the next great culinary experience.