The shortage of cybersecurity professionals is on pace to reach 1.5 million empty positions globally by 2020, according to Frost & Sullivan. Yet, as the digital economy relies on rapid innovation in software, the growing demand for developers with security skills is also dangerously outpacing supply. Now, a survey of development and IT professionals, conducted by Veracode and DevOps.com, has found that lack of formal security education, and a shortage of investment in training by employers, is contributing to the growing skills gap.
The problem begins at the university level, where just 24 percent of survey respondents were required to complete cybersecurity courses as part of their education. And the lack of formal employer training in security and DevOps skills means IT and development professionals are on their own, forced to learn “on the job,” according to the DevSecOps Global Skills Survey.
Although many businesses are now required to take steps to protect data and applications, enforced by strict new regulations such as the New York Department of Financial Services Cybersecurity Regulation and the EU General Data Protection Regulation, very few are providing adequate security skills training for developers and IT professionals. As a consequence, only 14 percent of developers and IT professionals reported they are “very prepared” to deliver secure software at DevOps speed, while 55 percent said they are “somewhat prepared,” and 29 percent are “not prepared.”
Furthermore, almost 70 percent of survey respondents said the training they receive in application security is “inadequate,” while 86 percent said their organizations are not investing enough in application security training.
Despite the fact that only 4 percent of survey respondents said they received necessary skills training in college, and another 4 percent through third-party training at work, there is some positive feedback about steps employers could take to boost security and DevOps skills in their workforces. Developers and IT pros predominantly believe the most effective types of training are self-directed, including 28 percent who said eLearning is the most effective format for skills training.
Check out the infographic below for more highlights from the survey report. You can download the complete report on veracode.com, including recommendations for implementing effective training programs that work for your development, security and IT operations teams.