The Rise of the Security Developer

The cybersecurity industry is fast paced and exciting. Yet, it is still facing a massive skills shortage. According to the 2018 (ISC) Cybersecurity Workforce Study, there’s a shortfall of around 142,000 cybersecurity professionals across EMEA.

In an age where no organization is immune to the threat of a cyber-attack, and adversaries are becoming much more sophisticated, there is growing demand for experts that can help. In particular, for security developers – analysts that understand security-friendly coding languages. In fact, cybersecurity engineers and analysts have been identified as being on the Shortage Occupation List (SOL) according to the Government’s Migration Advisory Committee (MAC).

Being on the SOL list also lowers the barriers for overseas workers that have specialist skills in coding and cyber to be employed. For those security professionals that can hone their skills with Python, JavaScript, HTML, and even newer languages like Go, then the opportunities are huge.

The UK has taken steps to try and address the skills shortage. The Department of Digital, Culture, Media and Sport (DCMS) has launched its Cyber Skills Immediate Impact Fund (CSIIF), which offers government funding so that employers can upskill the existing workforce and develop specialist cybersecurity skills.
Resolving security’s biggest headache

With the attack and defense surface rapidly expanding, businesses have an urgent need for security developers that are skilled at coding and development - professionals that can advantage of all these new tools to create a cohesive security system.

Security developers are analysts with security-friendly scripting language skills, and have a good level of knowledge around APIs. This combination makes them the heroes that are capable of getting a new EDR, UEBA or vulnerability scanner to work effectively within an existing security, incident, event management (such as SIEM) or ticketing system.

Analysts are now able to have a greater understanding of the code structure of malware to fully get to grips with new threats. If you have a security developer, then the security team is no longer relying on a separate development team to make changes to the technology stack when new products come along. Being able to quickly throw code together means new tools can be easily integrated into existing processes more effectively.

With security developers on the team, businesses suddenly have the skills to tune integrations to their unique needs and automate the processes that allow different teams to work together. That’s part of the reason security developers have become so valuable.
With various security tools making up an organizations’ defensive arsenal, companies often fall into the trap of hoping that an integration tool will come to market. While integrations between security products today are more commonplace, they are still largely point solutions.

It’s nearly impossible for products to incorporate logic based on what your team is doing. or what all other products across your security technology stack are seeing. Furthermore, these integrations often lack some desired functionality that is unique to your needs. While vendors will create integration tools for where there is demand, there is no one program that can integrate with all the other niche tools that your business is reliant on day-to-day.
A unified approach
Security developers allow you to integrate the latest new software into your team, processes and technology stack. This means that whenever the business spots a new tool that the CISO wants to buy, it has the support of an entire security developer community to make it work.

However, to really take advantage of those skills, businesses need a “partner in crime”. Organizations need to look for an extensible security platform that can bring all those APIs and exciting tools into a central location where all of its data and employees can take advantage.
Being able to have one central system - automated or semi-automated - to pick out and present the most urgent threats brings huge benefits and gives organizations a chance to respond as quickly as possible. It also enables greater collaboration within the industry. Part of growing as a security developer is collaborating with other security developers. By providing repositories where developers can share and collaborate, there is an opportunity to help developers hone their skills and make themselves and their teams more effective defenders.

In an age where speed matters, enabling security developers to exchange best practices about threat intelligence and security needs to become part of the culture of the business.
However, it is important to remember that having one person is by no means a replacement to having a good sized team. It is about having the right building blocks. With digital transformation and increasingly distributed workforces, the attack vector is expanding so demands on security teams will only continue to increase. The ideal situation is to have several team members with security developer skills.
Going forward, we will see more multi-skilled people enter the workforce. We’re already seeing more universities offer general security courses, which will give people a path into the role of the security developer.

As the UK continues to look at how to address the cybersecurity skills shortage, we will see more focus on helping to train security professionals in coding and boosting familiarity with APIs. Ultimately, our adversaries are getting quicker and more sophisticated. So, anything organizations can do to speed up response using security developers will be welcomed by the business.

Richard Cody is an Integrations Product Manager at ThreatConnect. He was formerly a Senior Customer Success Engineer, and has experience as a Threat Intelligence Analyst working for the Federal Government. In his spare time he enjoys racing motorcycles and hiking outdoors.

What’s Hot on Infosecurity Magazine?