
5-Step Guide to Beating the AppSec Skills Gap

November 14, 2022
Written by
Aneesh Bhargav

The current labour shortage in tech is the worst we've seen in decades. Globally, there are more than 2.7 MILLION security jobs lying vacant, with no one to take them.

More than 60% of team leaders struggle to find skilled security talent who meet their needs. Companies are getting desperate. As software and cloud-native apps balloon in scope and complexity, their security teams only shrink in size.

It's not hard to see why this situation is bad. In the third quarter of 2022, a record 15 million security breaches rocked organisations around the world. Compared to the previous quarter, this was a stunning 167% increase.

To make matters worse, the average cost of a data breach in 2022 is $4.35 million, a 2.6% rise from the 2021 figure of $4.24 million.

Alarm bells ringing yet? They should be.

As a team leader, your top priority should be to develop skilled talent who are competent in application security.

Hiring experts isn't going to work. You need your whole product team involved in this effort.

That's why I've prepared this 5-step guide to beating the AppSec skills gap:

1. Help team members achieve their career goals

Everyone at your company has different priorities.

Leaders want to grow the business and see bigger, better numbers. But employees care more about growing their own careers and focusing on self-development.

Many employers see this as a problem. After all, if an employee is always thinking about their own career growth, won't they just leave the company and go somewhere else?

That's a common myth, however. In reality, 70% of employees say they would change jobs if the employer was willing to invest in their development and learning.

Lean into it. As a team leader and mentor, it's your responsibility (and in your best interest) to encourage your team members' career growth. Get them the resources they need to develop long-term, and support them in acquiring skills.

Your team absolutely will notice and appreciate your efforts. In turn, they'll pay you back by being way more proactive at work.

2. Security training is the only long-term solution

Hiring can get very costly, very fast. There are tons of hidden costs when hiring a new employee, especially a skilled one.

From recruitment costs and background checks, to reviewing resumes, conducting interviews, and onboarding, it costs as much as USD $30,000-35,000 to hire one new security engineer. And that's BEFORE salaries and benefits.

It's far more cost-effective and efficient to grow your in-house AppSec talent with training. For each team, prioritise training them in skills that will help them do their jobs better (instead of a one-size-fits-all training).

Focus on building your team's security skills quickly, and you can see results in just months, without productivity ever dropping.

AppSecEngineer makes it easy to plan your training program. See how it works.

3. Improve retention rates with training

It's a myth that training your team will make them want to seek better offers outside. An employee who receives training is far more likely to be loyal than one who doesn't.

In fact, 86% of millennials would be happy to stay at their current position if their employers gave them training and helped them develop. After all, you're showing them commitment and care.

In an economy of rampant labour shortages, layoffs, and instability, training is one of the most effective ways to retain and grow your in-house talent.

It's sort of like becoming recession-proof, isn't it?

4. Build a more diverse team

Today more than ever before, it's easier to bring underrepresented groups into the workforce. Not only is it the right thing to do, but adding a more diverse set of voices to your team can bring out creative problem-solving strategies.

Today, 75% of organisations are changing their hiring structures to hire more women, and 60% are looking to hire more minority groups.

A less-highlighted aspect of diverse hiring is that it can change the social dynamic of teams, too. It stops discussions from turning into echo chambers, and can help create a more positive work environment for everyone.

Also, paid internships are more useful than you realise. Students are usually more capable of learning than seasoned pros, and they bring a youthful energy to the workplace.

Not to mention, many interns end up working at the companies they intern at, which means they'll arrive already 'onboarded' and familiar with the company culture.

5. To stay afloat, teams need to update their skills constantly

If you're not innovating, you're adapting. If you're not adapting, you're falling behind.

Technology is evolving at a pace we've never seen before, and product teams are finding it harder and harder to keep up. The framework you rely on today could be outdated in 2 months.

You need to invest in AppSec training to build your team's skills on a constant basis. And not just any old training.

You need hands-on training in security. Like AppSecEngineer!

As an all-in-one training suite for product teams, we offer 50+ courses and activities in application security. That includes:

  • AWS & Azure security
  • DevSecOps
  • Containers & Kubernetes
  • Threat Modeling
  • Basic & Advanced AppSec

Check out the full catalogue here.

These courses feature 700+ hands-on labs that showcase real-world security scenarios. It's also 100% browser-based so zero downloads or installs, and zero security risk.

We've even got:

Unlock all the content in our library in just one click. Get it now and start learning today.

Aneesh Bhargav

Aneesh Bhargav is the Head of Content Strategy at AppSecEngineer. He has experience in creating long-form written content, copywriting, and producing YouTube videos and promotional content. Aneesh has experience working in the Application Security industry both as a writer and a marketer, and has hosted booths at globally recognized conferences like Black Hat. He has also assisted the lead trainer at a sold-out DevSecOps training at Black Hat. An avid reader and learner, Aneesh spends much of his time learning not just about the security industry, but the global economy, which directly informs his content strategy at AppSecEngineer. When he's not creating AppSec-related content, he's probably playing video games.
