The key to solving the cybersecurity workforce gap: Enlisting the world’s 27 million developers in the fight

Yesterday, the Biden Administration called upon leaders from Amazon, Apple, Google, IBM and Microsoft as well as other private and non-profit organizations to discuss crucial measures for improving the overall cybersecurity posture of the United States. (This follows an Executive Order, which we wrote about in May, outlining a 100-day initiative to improve the security of the modern software supply chain).

One line in particular jumped out at me within yesterday’s new memo: “the biggest issue the United States has is that nearly half a million public and private cybersecurity jobs remain unfilled.”

At Snyk, we are passionate about helping organizations of all sizes — both in the private and public sectors — modernize their security workforce through the right approaches and tooling. Our company was founded upon the belief that the legacy security industry was broken and old methods must rapidly evolve from an IT and security-centric perspective to a developer security approach.

Why do we believe this?

Enlist the World’s 27 Million Developers in the Fight

While we certainly don’t disagree with this initiative to fill the 500,000 cybersecurity jobs open today, it’s become glaringly obvious that we simply don’t have time to wait for students or today’s workers to complete college or vocational certifications. A more immediate and logical solution is to enlist every one of the world’s existing 27 million (and growing) developers to be secure and apply security discipline to their existing workflows.

Legacy cybersecurity tools: Old tricks for hackers

The world’s most powerful organizations already spend billions on cybersecurity tools, mostly dated solutions like SIEM and endpoint and threat/network detection as well as authentication. In fact, Gartner forecasts that global spending on information security services will increase to $150 billion in the year ahead. And yet attacks persist as hackers have already learned how to exploit these legacy systems and do so again and again. What is the definition of insanity? Doing the same thing and expecting different results.

Modern security is built in from code to cloud

In today’s digital world, developers write code continuously and ship applications faster than ever. They don’t have time to slow down the development process with periodic code scans or security tests just before an app goes into production. Rather, security must be integrated into a developer’s existing workflow with automated security testing throughout the entire development lifecycle. In addition, developers need a systematic way of finding and fixing vulnerabilities in proprietary code to ensure its integrity as well as within all of the publicly available open source software they leverage when building.

Developer + security teams = stronger together

Snyk’s vision of the future is not about hero ball or disparate teams working in isolation. It’s about entire organizations caring about and prioritizing security (from the CEO on down) with developer and security teams effectively collaborating to continuously find, fix and monitor security across every app and all code as well as the infrastructure where the app runs.

We’re excited that the Biden administration stands behind the need to adapt and evolve how nation states and organizations approach security in today’s digital world. We’re even more excited that these new initiatives reflect our vision for developer security, the key to solving today’s cybersecurity workforce gap.

If you’d like to learn more about this vision and how you can join the fight, please join us at SnykCon coming up October 5-7.