What’s being done about the growing software security talent gap?

As we continue to face a staffing shortage in security, many companies are scratching their heads as to why new graduates are simply not starting careers in cyber security. According to TechRepublic’s Alison DeNisco Rayome, only 9% of millennials are interested in pursuing careers in cyber security, perhaps because it’s a relatively new field.

Similarly, a survey by ProtectWise showed that out of 524 tech-savvy millennials and postmillennials, 65% said that their schools never offered security courses. This is a huge concern, as the talent gap is growing so fast that we are looking at a 1.8-million-person deficit by 2022.

According to an independent Black Hat attendee survey, 73% of top security professionals think it likely that their organizations will be hit with a major data breach in the next 12 months—but they won’t have enough time, money, or skilled staff to handle the crisis.

What is being done to counter the situation?

So how can we prepare for the ever-changing, ever-increasing number of attacks? How can we entice computer science students to choose a career in security if they are not being exposed to the field?

I recently reached out to Gary McGraw, Ph.D., to find out. Gary is considered one of the founding fathers of software security, and here’s what he had to say.

Why do you believe that there continues to be a skills gap with college graduates entering security professions over 10 years after you published “Software Security”?

Software security as a field is growing by leaps and bounds, but computer science faculty size is not. When a CS department has to figure out a curriculum, they have to figure out who will teach what when. With a limited number of class times available, it is hard to slot in software security. In my view, it is more important that CS students learn to code and learn some CS theory and the basics than to develop a new curriculum. In an undergrad program, you should learn to think and communicate. In grad school you can begin to specialize in things like security.

Do you believe there is a disconnect between our computer science programs and the security industry? If so, what is missing?

The tension between professional needs and demands and academic curricula is never-ending. Though we could certainly use some graduates with software security skills, we do need them to know the basics of computer science as well!

How do we fill the gap?

We need to encourage higher education, promote internal training, and support university computer science programs by partnering with them, providing guest speakers, and supporting cyber- and security-related clubs.

Also, research has shown that women are a promising and untapped pool of talent. Women are more apt to go to college straight out of high school, and in one survey, 17% more women than men responded that they would be interested in a career in cyber security. Such programs as Women in CyberSecurity and Women’s Society of Cyberjutsu are helping increase access to talent.

Join us

With over 20 years as a leader in software security, Synopsys is uniquely positioned to adapt and apply software security best practices, tools, and strategies to new technologies such as IoT and cloud. Synopsys has 300+ security professionals delivering everything from design to testing and architecture.

Are you ready to join the software security revolution?
