Developers at heart of software security

by Mark Rowe

In an ever-expanding digital economy, the most successful businesses provide tools, training and resources that enable their software development teams to achieve a higher standard of work, with security underpinning this strategy. The result is the rapid creation of secure applications that meet demand, mitigate risk and move the organisation’s business objectives forward, writes Matias Madou, Co-Founder and CTO of Secure Code Warrior, which offers training for developers.

This unfortunately isn’t the reality for most organisations. A negative working environment can cause developers to jump from business to business to escape burnout. In fact, one fifth are looking for another role. That will have consequences for security, with secure coding less likely to be prioritised while a sparse team struggles to execute on desired company innovation, bring new products to market, and drive competitive edge.

The onus is therefore on business leaders to focus on the role of developers and how they can make a difference to software security. Doing so will help enable engagement and encourage contribution to the overall security strategy of the business. Here are three steps organisations can take to prioritise developer enablement:

Develop the right environment

The first step for organisations is to look at where significant changes need to be made to their working environment. Businesses must first understand the state of their surroundings – and this typically requires analysing their overall security maturity and discovering how to encourage developers to supplement and further strengthen it.

A major desire among developers is knowing the tangible impact they are making on any given project and seeking to optimise the end results. Often, though, they instead find themselves battling unrealistic timelines that can inevitably result in rushed work and an inferior final product. Managers want the same reassurance, but they need to communicate better on how to reach these goals. At front-and-centre should be a security-centric culture that places developers at the heart of code-level risk mitigation. Company leaders need to think outside the box to highlight the criticality of developers in the business, and devise a structure where their work is highlighted and rewarded accordingly.

Focus on security across departments

It’s not just up to the security specialists to take responsibility for wider security practices within their organisation. Everyone across the business must play a role in upholding the highest possible standards. Developer enablement creates opportunities to embed developers into larger corporate practices and goals rather than simply being assigned what might appear to be free-standing development tasks. They need to clearly understand how the work they are doing links to the broad strategic objectives of the business they are working for. It is key here to make them feel invested in the organisation’s overall success by creating an environment where CISOs, security teams and developers work together to improve security posture.

The next stage is to clearly define the practical steps that can initiate change across the business. Organisations too often try to take on too much at once, ultimately leading to failure. Instead, they should be looking to make security a team-wide responsibility that leverages the skills of each professional. Developers want to feel valued in their work and should feel empowered to refine security protocols throughout the development process.

Provide continuous skill-building opportunities

Transforming security practices in the business will, of course, also depend on the level of education provided to developers. A common shortfall is the lack of training provided to ensure that developers can grow their skills. This is particularly relevant when it comes to meeting strict deadlines and project requirements, or anything that requires a quick turnaround.

A one-day training course simply won’t provide the level of detail needed for developers to learn new skills and apply them to their day-to-day work. Businesses must change tack and look towards comprehensive training methods to foster well-rounded developers. They need to leverage tiered learning techniques that allow developers to follow individual programs that build on top of one another.

Developers who benefit from continuous learning will be able to create better programs, feel more included within the culture of their company, stay loyal to it and help build a strong security posture at the business. Successful leaders often set a cadence of developer training programs and emphasise continuous learning. These training opportunities should be prioritised, with adequate time given in the development cohort’s workday to engage with education tasks.

A look to the future

Developer enablement in the future will increasingly be focused on the evolution of the environment around them. Businesses must make it so developers can collaborate effectively with other departments, while being able to access insightful education and training opportunities to build their skills. For organisational leaders, the opportunity to make a tangible change is right in front of them. A complete reset of how developers are viewed in the security program is vital – to start this process, tools should be utilised to encourage new training methods. This will provide instant benefits to organisational culture, raise code quality and encourage developers to stay in the business and make an ongoing success of their role.
