After all, recent reports indicate there are roughly 500 software developers for every one cybersecurity professional in the market today. Furthermore, it costs six times more to fix code later in the secure software development life cycle (S-SDLC) than it does to create good code.
Like many elements of business, a culture of robust cybersecurity hygiene starts at the top with C-level company leadership. For secure code training to be a high priority, leaders must invest their time and energy into advocating for proper, ongoing software development education for relevant employees. This idea seems to be trending in a positive direction, as 70% of organizations acknowledge the significance of secure coding training.
To create action from intent, companies should embrace and encourage security champions within their organization. Security champions can be developers at the expert level who display a passion for high standards and cybersecurity – offering to serve as a friendly, effective bridge between developers and security personnel. Expert-level volunteers suit this role for a few reasons:
- As a volunteer, they will see championing security as a high-profile company mission.
- As a senior developer, they are more likely to have an impact on junior developers who trust their expertise and can rely on their established company connections.
- They will be able to grasp how secure coding fits into the larger picture of the development team’s duties – and be able to translate complex related concepts into terms that could be more easily comprehended and accepted by their peers.
Once a company realizes that education is the solution to better security, training its developers will organically become more of a priority. None of the top Computer Science education programs in the United States or globally insist on secure coding or secure application design classes, so the pressure is on for developers to receive comprehensive on-the-job training. While 74-90% of students who attend a coding bootcamp get a job nearly right away, a coding bootcamp alone is not sufficient education to deal with the intricacies of software coding. Because new vulnerabilities arise all the time, developers need to receive education on a regular basis, not just as a one-time event.
There is a high rate of cybercrime and an inadequate supply of professionals who are as skilled as the criminals. Fortunately, there are plenty of software developers who can be trained to create vital code that will be less vulnerable to cyberattacks. A regularly trained development team decreases the risks associated with industry expectations that software features or updates are released on a daily basis. Thus, to nurture a culture of cybersecurity awareness, organizations must recognize the importance of secure code training, find software developers within their organization to serve as security champions, and properly train their developers on an ongoing schedule.
Training must be continuous and relatable for developers to successfully retain knowledge and properly apply it to their everyday software development tasks. Adequately training developers will bring about more secure software that keeps pace with technological breakthroughs.
Jared Ablon is President and co-founder of Santa Monica, California-based HackEDU (www.hackedu.com).