Amid the Great Resignation, security professionals can be hard to come by. The labor shortage impacts organizations overall; it also has a unique effect on developers. This is because, when security and engineering aren’t in tune, organizations don’t operate efficiently. In fact, 97% of developers are struggling to meet critical launch deadlines because they can’t collaborate well with their overstretched security counterparts, according to Cobalt’s research.
Security and development teams are moving into the spotlight as organizations fully embrace a DevSecOps approach. But the Great Resignation has introduced challenges for both groups. Security teams are struggling to find the right CISOs, while developers are having the hardest time finding the right staff engineers, engineering managers, and tech leads to round out their teams.
Our research reveals that the talent shortage is caused by a key factor: Security professionals are stressed. Struggling to keep operations running up to standards, security professionals are getting burned out and increasingly thinking of leaving. As stress and demanding operations cause talent shortages, talent shortages are also raising stress and operational demands. It’s a vicious cycle that feeds itself.
The operational stress that comes with a security talent shortage can be a big push for developers to quit. The report also found that 45% of developers surveyed are currently dealing with a shortage of employees, while 36% said they had talent shortages in the past 6 months.
Our research found that, as a result of developers struggling to collaborate with security teams and vice versa, 96% of security teams see a slower response to patching critical vulnerabilities.
Reasons security professionals and developers are leaving include a loss of faith in their ability to deliver value to their organization, roadblocks to delivering new security features, struggles with workload management, toxic company culture, and more. While these talent shortages affect individual teams, they also make it more difficult for security and development departments to collaborate. Limited team resources and added pressure lead to burnout, specifically impacting developers.
The high rates of developer resignations should prompt managers to reconsider how developers are treated in terms of compensation, autonomy and flexibility, workload, and work-life balance. Notably, our research discovered that security professionals and developers need fulfillment and community to feel secure in their jobs, with 59% saying they need a strong focus on their personal and professional development, and 55% saying they want a stronger community feeling while their company is primarily working from home.
Here are a few things your organization can do to help retain talent:
- Increase access to security training based on reports like the OWASP Top 10 list.
- Prioritize employee development needs to support employees’ personal and professional growth.
- Create a security champions program to help ensure cybersecurity is at the heart of every department and team.
- Communicate risk clearly by showing leadership how insufficient resources in staffing can lead to bigger security issues.
Overall, it can’t be overstated how talent shortages in security will inevitably affect developers. The last thing a company wants is to let development get sidetracked: security is a combination of the decisions and efforts made by many different people, and of having the right people in place. Navigating the current shortage in employees is undoubtedly challenging, but providing security teams and developers with access to the right resources can help strengthen and maintain organizational security.
Jay Paz is Cobalt’s Senior Director of Delivery. He has more than 12 years of experience in information security and 20+ years of information technology experience including system analysis, design, and implementation for enterprise-level solutions. He has a robust background in developer supervision and training as well as in major programming languages, operating hardware and software, and major infrastructure application development. At Cobalt, he lays the groundwork for innovation and scale as he oversees operations and day-to-day management for Cobalt’s pen tester community.