AppSec during hypergrowth: Empower your developers to overcome the tech talent shortage
November 16, 2021
Many high-growth technology startups are pressured to deliver applications to market ahead of fast-moving competitors. It’s all too easy to allow a “we’ll get to that eventually” mentality to creep in when competing priorities appear to force a tradeoff with development velocity. This introduces unnecessary risks, but they can be mitigated by implementing an effective AppSec program that involves the right tools, processes, and mindset.
In this post, we’ll look at the challenges of hypergrowth and how to overcome them by empowering developers to take ownership over application security themselves.
The challenges with hypergrowth
A key challenge most hypergrowth companies face is hiring for developer and cybersecurity roles. While it has always been difficult to fill technology positions, accelerating demand across the sector for developers is straining companies that are growing at a rapid pace. In fact, research into the current Great Resignation crisis in the labor market found that 3 out of 4 CEOs surveyed rated labor and skills shortages as the top external issue to disrupt their business in the next year. For cybersecurity talent, this labor shortage has been an ongoing problem, reported in the annual (ISC)² Cybersecurity Workforce Study for several years running. The 2021 edition of the study found that:
“[Cybersecurity] professionals say the workforce gap remains the number one barrier to meeting their security needs. Two-thirds (60%) of study participants report a cybersecurity staffing shortage is placing their organizations at risk.”
When companies do hire new developers, there are additional challenges with onboarding. It can take weeks or even months for a single software engineer to fully ramp up because they need to become familiar with a new tech stack, codebase, and team practices. But hypergrowth typically means onboarding many engineers at a time, which also stretches managers and mentors thin, allows bad habits to creep in, and causes development teams to overlook things that lack clear visibility and oversight.
From a security perspective, it’s even more difficult to hire and onboard developers who have secure coding experience because many developers aren’t trained in these skills. That means security teams, which are often far outnumbered by developers, become overwhelmed with handling security issues when they’re relying on traditional application security tools that fail to meet the needs of a high-growth company.
But rest assured, there are ways to overcome these challenges.
Empowering developers to improve application security
Since there are numerous challenges hypergrowth companies face, it’s crucial to implement an efficient AppSec program that enables both speed and security. One of the best ways to increase development velocity without compromising on security is to empower developers.
Here are some key considerations when choosing application security solutions for a hypergrowth organization.
Developer friendly
When developers are pressed for time, they’re unlikely to go out of their way to use security tools that require additional effort. That’s why application security tools need to meet developers where they are by integrating directly into existing workflows. This seamless approach, which is a core tenet of DevSecOps, ensures developers can leverage security tools on the spot when issues are top of mind.
High performance
Developers often have the perception that security tools will slow them down, but that’s not always the case. In fact, the right tool can even shorten the development lifecycle and improve development velocity. High-performance security tools ensure there’s a tight feedback loop between when a security issue is discovered and when developers can remediate it, which reduces the overall level of effort required for application security.
Actionable insights
A major drawback of traditional application security tools is a lack of actionable feedback. Developers at hypergrowth organizations – or any organization for that matter – lack the bandwidth to research solutions to security issues. The right application security tool can not only find vulnerabilities, but also provide actionable insights to remediate them immediately.
Security education
One of the challenges with hiring is that there’s a shortage of cybersecurity talent. Since security isn’t a primary focus in most computer science or coding bootcamp curricula, many developers lack an understanding of secure coding principles. That’s why we built Snyk Learn, which is a security education platform designed for developers. This free resource enables developers to improve their security skills through highly relevant tutorials about specific vulnerabilities.
Security Champions
Another way to bring security to development teams is through building a security champions program. Security champions are developers with an interest in application security who can foster awareness and knowledge-sharing between development and security teams. Through a security champions program, hypergrowth organizations can ensure the security team remains a top priority through the development lifecycle.
Grow fast, securely
Overcoming the challenges of hypergrowth isn’t easy, but that doesn’t mean organizations should overlook application security. Through the right tools, processes, and culture, hypergrowth companies can empower their developers to build secure software faster than ever.
Is your organization experiencing hypergrowth? Learn more about growing fast, securely with Snyk.