Demand for skilled IT professionals in Australia is still outstripping supply and there remains no clear solution in sight.
According to industry group AustCyber, more than 17,000 additional IT security professionals will be needed in the country by 2026.
The report backs another from international cyber security professional organisation (ICS) which found the global cyber security workforce needs to grow by 65 per cent to defend organisations’ critical assets effectively.
As has been the case for more than a decade, there is insufficient cyber security people power.
Perhaps more importantly, the cyber security market must continue to multiply to meet demand, let alone catch up.
This leaves organisations in an untenable situation.
They must compete for top talent in a competitive market, while retaining skilled in-house employees.
The ability to fully staff cyber positions becomes incredibly difficult and expensive to pay the market value in many cases.
So, what do organisations do? Is it time to throw in the towel for security? Not quite.
The most valuable part of any organisation is the current staff.
Each organisation has developers with the untapped potential to take more responsibility for cyber security within their role.
While organisations may lack direct cyber talent, these developers offer an opportunity for cyber security upskilling investment.
In-house developers can improve cyber security.
They can transform existing code and add security features and protocols that raise an organisation’s overall security posture and security hygiene practices.
The missing piece is typically training.
These developers simply need the time, opportunity, and hands-on curriculum to institute modern security best practices.
For many organisations, this shift toward developer investment provides an alternative route to improved security.
It could take months or even years to find the proper cyber security professionals.
This provides another path to success.
Developers already serve on the front lines of defense for their organisation, although many leaders overlook this aspect of the role of developers.
The problem comes in balancing organisational priorities as often security gets placed behind other tasks in the software development lifecycle.
As a result, developers, to meet condensed deadlines, inadvertently introduce security vulnerabilities into what they create.
In our recent State of Developer Driven Security 2022 survey, just 29 per cent of developers believe the active practice of writing code free of vulnerabilities should be prioritised.
The same study also found that 20 per cent of developers said they don’t think they’re receiving enough training or guidance from their managers on implementing secure coding.
Developers will follow the demands of their roles.
If managers do not prioritise security as part of developer KPIs, they will see it as another department’s problem or bypass it altogether.
The software development cycle is often shortened to speed up the delivery time.
Organisations need to apply a layered approach to empower and enable their developers to learn and apply new skills properly.
Organisations should look at scaffolded learning, where more prominent topics are broken down into discrete learning experiences or concepts.
Instead of one long training session, students get the opportunity to master each concept using appropriate exercises and instruction.
Like a scaffold, these concepts build upon one another.
Students can achieve higher comprehension and skill acquisition levels in a shorter period while progressively learning more advanced skills.
When developers receive proper training, they can better see how security bugs happen, why they are dangerous and how to remediate them before they are in production.
The lack of cyber security professionals is a constant challenge.
There may never be enough skilled cyber personnel to properly protect organisations and applications.
As organisations wrestle with this challenge, they should look to their developers to close the gap and empower them to be more security proficient.
This is why the upskilling of developers is so important.
By providing them with additional skills, they will be able to add more value to their organisation and help it overcome the challenge posed by the shortage of IT security professionals.
Pieter Danhieux, is the CEO and co-founder of Secure Code Warrior.
This content has been written by a topic area expert and is not a sponsored post or advertisement.