So your company just signed up a major new client to develop their business applications. It's a huge project, and your whole team's going to be involved, and it's really exciting. There's just one problem. They want their apps to run on Kubernetes.
Your product engineers are familiar enough with containers and Kubernetes to get it done. But what about application security? Nobody on your team is willing to risk building an entire app in Kubernetes without being confident that they can properly secure it. This can be a deal-breaker, and that contract is on the line.
Which means you have two options. Hire a Kubernetes security expert for your team, or give all your engineers the training they need to get the job done.
It seems like an obvious answer at first. Hiring just one or two application security experts, as opposed to training an entire team of developers and engineers, seems way simpler, less time-consuming, and cheaper. Makes sense, right?
But according to several studies and surveys in the last ten years, it's actually the very opposite. So how does that work?
How is training your entire team of engineers more cost-effective than hiring just one new person?
To understand why training is actually more cost-effective, we need to understand where our money goes in recruitment. When it comes to hiring even one new person, there are a whole lot more hidden costs beyond just their salary to consider.
We've created a detailed infographic to explain this. You can check it out here.
When you add all this up, the real-world cost of hiring even a single well-qualified application security professional can be as high as $67,500 - $135,000!
In fact, the cost of hiring a professional goes up dramatically the more skilled they are. Hiring an AppSec expert can be twice as expensive as hiring a skilled security engineer.
We get it. There are lots of reasons you might not want to train your employees. What if they take all that knowledge and experience and wave your company goodbye, only to go to your competitor who's promising them a better salary? That would be your money, time, and effort down the drain.
But yet again, the data seems to defy all expectations.
For starters, employee retention is 42% higher when they receive the training they need, and a company that invests $1,500 on training per team member sees an average of 24% more profit than companies that invest less.
But why does training provide those benefits?
Well, here's the thing: your team members actually notice when you take the trouble to put them through a good application security training program. You are helping them become more capable of doing better work. An employee who's able to work at their maximum potential is far happier than someone who's never given the chance to reach their peak performance.
They feel more valued, and as a result, feel more empowered and invested in the work they do, leading to better performance, better morale, and a more technologically fluent workforce. Because when you train everyone equally, they all get the same boost in skills.
Hiring a single application security professional, whatever their experience level, can't match up with a whole team of well-trained, skilled individuals.
Let's think back to the scenario I mentioned at the beginning. If you decided to train your product engineering team, you've given them two key things:
That second point is especially important. More than just allowing them to do their job well, a level of technical proficiency across your whole workforce means that every team member is pulling their weight. You effectively eliminate bottlenecks and dependencies that would exist if your team was unfamiliar with Kubernetes.
That's what makes a frictionless, easy work environment. Not just a group of skilled professionals who are great at what they do, but a team of qualified individuals that can accomplish far more when they work together.
Want to download the full infographic? Get it here.
Aneesh Bhargav is the Head of Content Strategy at AppSecEngineer. He has experience in creating long-form written content, copywriting, and producing YouTube videos and promotional content. Aneesh has experience working in the Application Security industry both as a writer and a marketer, and has hosted booths at globally recognized conferences like Black Hat. He has also assisted the lead trainer at a sold-out DevSecOps training at Black Hat. An avid reader and learner, Aneesh spends much of his time learning not just about the security industry, but about the global economy, which directly informs his content strategy at AppSecEngineer. When he's not creating AppSec-related content, he's probably playing video games.