Intelligent CISO Issue 62 | Page 43

digital certificate, this hands-off type of training won’t be valuable for providing individuals with effective secure coding skills – it will also do little in terms of convincing auditors or regulators.
While 92% of developers expressed that security training was important, they want and need good learning pathways that speak to them and provide hands-on examples. Many developers suffer in silence over mediocre programmes that have them carry out compliance exercises that only waste their already limited time. CISOs should strive to ensure that their developers receive meaningful, job-relevant upskilling that provides value, raises code quality and delivers the kind of knowledge that ultimately drives an organisation’s security maturity.
For example, CISOs should explore a tiered learning approach, where topics can be broken down into discrete educational objectives and concepts. This approach adds newer, more advanced concepts layered on top of those already mastered, creating a clear path to success while keeping the level of challenge high.
Security departments are the organisations’ backbone and, amidst the skills shortage in the tech market as a whole, companies should prioritise building a culture that encourages security best practices.
Creating a security-first culture
The cybersecurity skills shortage continues to create immense pressure on CISOs – and while it might seem like an easier option to look outward for new talent, it’s going to be much more effective to upskill internally. Not only does this help fill positions, but it also empowers employees, creating greater loyalty to the organisation.
It’s clear that the world is changing and businesses need to adapt to this evolution. CISOs are in a unique position to solve these problems for their organisation and establish their value. Investing in the right developer enablement not only builds the organisation’s capabilities internally but also opens the door to creating a security-focused culture that extends beyond the IT department, driving further value for the organisation at large.