/aug 14, 2019

As Cyberattacks Increase, So Does the Price of Cybersecurity Professionals

By Valerie Lattell

Cyberattacks are on the rise, and companies are noticing. Everyone is in a scramble to avoid being the next corporation sweeping news headlines with the words “data breach” following. As a result, the demand for cybersecurity experts is skyrocketing, but there are a couple of problems. Not only are there not enough cybersecurity experts to fill those roles, but for the cybersecurity experts that are out there, they’re demanding a premium for their talents.

A recent Bloomberg article stated that in 2012, an enticing rate for a chief information security officer at a large company was $650,000. Fast forward to 2019, and the same role at the same company is going for $2.5 million. On top of that, the article points to data that shows there were more than 300,000 unfilled cybersecurity jobs over a 12-month period in the United States in 2017-2018. When looking to the future, Cybersecurity Ventures predicts that the amount of unfilled positions will grow to about 3.5 million jobs.

So, the problem itself is double-pronged. Companies are recognizing that they need to address cybersecurity in some way, shape, or form, and are looking to bring in experts to help them out – but those experts come at a very high cost.

Alternatives to the salary game

Security champions

Hiring additional security professionals does not have to be the starting point for your company to take the leap into more secure software. One practical way to embed security into your organization, and get more from your existing security team, is to look for – and create – security champions on your development teams. Step one is finding a security-minded individual on your development team, and then giving them extra training, responsibilities, and perks to incentivize them to be that security liaison. Developers will be much more inclined to take security advice from someone who’s already familiar with their lingo and processes.

Ultimately, with a security champion, an organization can make up for a lack of security coverage or skills by empowering a member of the development team to act as a force multiplier who can pass on security best practices, answer questions, and raise security awareness.

For more information on security champions, check out this Veracode guide.

Outside partners

As organizations struggle to find the right people to step in and oversee their programs, another effective way to ensure you have your bases covered is by bringing in an outside partner. Having a solution like that offers hands-on support, coaching for developers, and AppSec expertise can make a world of a difference. We aren’t suggesting you replace your internal team with outside consultants; rather, that you free your team to focus on managing risk by taking these tasks off of their plates:

  • Addressing the blocking and tackling of onboarding
  • Application security program management
  • Reporting Identifying and addressing barriers to success
  • Working with development teams to ensure they’re finding and remediating vulnerabilities

Learn more about the benefits of bringing in an outside partner in this blog.


While you try to find the balance between keeping your headcount low, yet covering all of your bases from a security standpoint, a fantastic way to tie your approach together lies within utilizing automated security solutions. You can remove the need for human intervention as much as possible, continue to enable your developers to test for flaws early and often, and integrate a solution that works in tandem with your current environment. Having the security champions, automated solutions that are easy to work with, and a partner who can help your developers out when they run into roadblocks are all effective ways to reduce your risk – and without breaking the bank.

Want to find out how Veracode can help you check off all of these boxes and more? Request a personalized demo of our platform today.

Related Posts

By Valerie Lattell

Valerie is a part of the content marketing team at Veracode, based in Burlington, MA. In this role, she strives to create and promote compelling content that will engage IT professionals and fuel the conversation around application security. Prior to this role, Valerie was involved in business development for both IT hardware and software security solutions.