Intelligent CISO Issue 62 | Page 42

CISOs should strive to ensure that their developers receive meaningful, job-relevant upskilling that provides value.
CISOs should explore a tiered learning approach, where topics can be broken down into discrete educational objectives and concepts.
EXPERT OPINION

in complexity, the jobs they manage can extend far beyond their capabilities. This results in burnout – and ultimately, leaving the role they chose as their next career step.
The disconnect between developer and manager expectations needs to be addressed to retain talent within organisations. For most modern companies, the developer is essential to all parts of the business. Instead of looking externally, CISOs should look inward and curate an environment where developers can thrive.
Building cybersecurity talent from within
Rather than competing for talent against other companies, CISOs should be thinking about the value of their current workforce. While there may be employees without a security background, with the proper training and support, they could shift to a new career in cybersecurity.
When you think about the modern worker, they are predominantly interested in an environment where they can learn and grow, developing a fulfilling career. CISOs should take advantage of this interest and identify individuals within their organisation that show potential to explore more cyber-related roles.
Tech organisations that already have software development or internal IT resources are already full of untapped security potential. These IT pros and developer teams should be proficient in coding and have an understanding of the digital landscape. Our State of Developer-Driven Security Survey found that just 8% of programmers believe that writing safe code and keeping vulnerabilities out of software was simple, and the vast majority of programmers saw the need for cybersecurity and were invested in learning more.
Creating a flexible education programme will be essential to upskilling these candidates. CISOs need to build a programme that encourages and rewards secure development. This could include creating or appointing security champions internally – these talented and security-aware developers distinguish themselves either in training or as part of newly-focused metrics evaluations. Appointed champions should also be willing to help other developers enhance their skills and improve the development community from within.
Create a tailored security programme
Creating a flexible learning programme isn't a case of just throwing money at the solution. Poor, checkbox solutions where prospects watch a video and answer questions create a tainted view of security education. In a complex field like cybersecurity, beyond a

www.intelligentciso.com