Vast majority of security and development pros report dramatic talent shortages

Cobalt’s 2022 pentesting survey released on Wednesday found that both security and developer teams are struggling with alarming cyber talent shortages.

For security teams, some 90% of respondents who have suffered shortages or lost team members are struggling with workload management.

As security teams are looking to developers for help, only 7% of developers say their teams have been adequately staffed for at least six months and expect to continue that way for the next six. A full 97% of developers say that these challenges make it harder to meet critical deadlines for feature launches, and 80% say these challenges compromise the quality and security of the code their developers produce.

Cobalt’s findings raise the same security issues the industry has been dealing with, and attackers have been leveraging, for several years, said Mike Parkin, senior technical engineer at Vulcan Cyber. Given the ever-growing threat surface, and ongoing issues trying to get qualified people to deal with it, Parkin said it’s no surprise organizations are having trouble staying ahead of the problem.

“While the right tools can help reduce the workload, the need for security professionals is going up faster than people are joining the ranks,” Parkin said. “The problem is similar for software development, where innovation and speed-to-market often get a lot more attention than secure coding."

Casey Ellis, founder and CTO at Bugcrowd, said pentesting can mean a lot of different things, from complicated and highly skilled adversarial simulation with a focus on the most important risks to a company right down to compliance-driven assurance to satisfy auditors or the tactical needs of a business. Ellis said this creates a lot of inroads for people in terms of what to learn and where to enter.

“My advice to folks getting into the field would be to consume a bunch of content, network with communities to establish and build peers in the space, and sample as many different flavors of pentesting as you can until you find something that really sticks,” Ellis said. “The attributes of a talented and successful hacker are curiosity and perseverance, and I’m a huge believer in the idea of finding and working with the areas of interest that spark joy.”