We seem constantly to be promoting a software-development methodology based on an ever-increasing set of services that no-one is prepared to pay for. I'm old enough to find that a concern, though it's clearly no longer considered an issue.
Snyk: 50% of security jobs unfilled… any solution predicated on devs 'becoming security experts is doomed'
In an interview with Snyk founder and president Guy Podjarny on the challenges of secure application development, he told us: "Any solution that predicates on developers becoming security experts is doomed to fail." Snyk began in July 2015. Why the name? "The original idea that I had was around sneaking information out to a …
Wednesday 8th September 2021 08:30 GMT Whoopsie
Podjarny repeating the tired old nonsense from The Big Boys like Google - "waah, there's a skills shortage!".
There absolutely is not a skills shortage in cyber security. At all.
What there is is a abundance of companies who don't want to pay for in-demand skills, who don't want to train their people, who have ridiculous job description demands and broken hiring processes, and enforce short sighted and medieval working practices.
A quick search on LinkedIn just now shows 3 positions advertising someone with 3 years cyber security experience who also has a CISSP.
The "lack of skills" is not the problem here, and never was.
Wednesday 8th September 2021 13:06 GMT nautica
"Oh, you've SEEN Windows run? No need to come in to pick up the paycheck; we'll send it..."
"...any solution predicated on devs 'becoming security experts is doomed" "
As is the industry-standard practice of taking anyone who types on a keyboard and stares at a screen, and be-knighting them as a "dev".