Cybersecurity is finally becoming a real team sport

Given that the chronic shortage of cybersecurity professionals is unlikely to be addressed in any meaningful way any time soon, more organizations than ever are doing the next best logical thing. They are employing IT teams to take over responsibility for security operations while at the same time impressing upon application development teams the need to make sure software supply chains are as secure as possible.

A global survey of 700 IT professionals conducted by Pluralsight, a provider of a platform for training IT professionals, finds that cybersecurity has now replaced cloud computing as the top-ranking area of training focus for individuals and organizations in 2022, with 43% ranking cybersecurity as their top skill concern compared to 39% for cloud computing. In a similar survey a year ago, cybersecurity and cloud computing were tied at 39%, the report notes.

In addition, the 2022 survey finds that 44% of respondents now identify cybersecurity as the skills gap that poses the greatest threat to their organization.

A survey of 149 IT professionals conducted by InformationWeek suggests that organizations are pressing IT teams into service to close that gap. The biggest change in IT operations and cybersecurity seems to be that general IT is taking over more responsibilities and tasks that the security team used to handle, according to the report.

The integration of IT and security operations, however, is not going to solve the problem. A survey of 200 security professionals conducted by Waratek, a provider of tools for managing security-as-code, finds nearly 83% of respondents reporting that an increase in the rate at which applications are being deployed has led to an increase in the reintroduction of previously remediated vulnerabilities. It’s just too easy for developers, as they download the same component multiple times from a repository, to employ a version of that component containing a vulnerability that has already been remediated in a production environment.

The challenge is that, as the rate at which applications are deployed increases thanks to the adoption of agile methodologies and best DevOps practices, there is not enough cybersecurity expertise available to keep pace. In theory, organizations should be relying more on best DevSecOps practices to shift responsibility for application security left toward developers before applications are deployed in production environments. Unfortunately, a lot of application development teams still lack the tools and cybersecurity expertise needed to discover, prioritize and remediate vulnerabilities. It may be years before DevSecOps practices are automated enough to make a meaningful dent in reducing the number of vulnerabilities being regularly introduced into application environments.

One way or another, it’s clear cybersecurity is finally evolving into a team sport. Cybersecurity teams are clearly defining the appropriate policies, but responsibility for security operations is becoming more widespread. Not surprisingly, IT operations teams and application development teams are exercising more influence over what security platforms are employed. Many of them are simply not capable of managing overly complex security platforms that require a lot of technical expertise to master. The more automated functions are, the more likely it is those teams will embrace one platform over another.

It will be interesting to see how cybersecurity evolves in the months and years ahead, but the days when cybersecurity professionals tended to be viewed as specialists who were not really integrated within an organization are finally coming to an end.