Secure Software Developer Might Be Next Hot IT Niche
According to the U.S. Bureau of Labor Statistics' 10-year economic outlook, computer software engineers who work in the application professions sector are expected to be the fourth fastest-growing occupation between 2006 and 2016, increasing by 44.6 percent.
Yet making sure that software is built in a secure way has typically been a secondary concern within the field.
"Software developers have never considered security as really part of their domain. But this is changing," John Pescatore, a Gartner analyst, told eWEEK.
But this stands to change. According to Gartner research, 75 percent
of attacks are now targeting applications. Furthermore, as more Web
sites develop Web 2.0 technologies and consumers continue to demand
mash-up services, developers who know how to incorporate security into
the initial creation of applications are expected to carve out an
important niche for themselves.
"The job is at the intersection of security and software
development. In the last couple years these security issues have risen
to the forefront of a concern about doing business online," Mike Weider
director of security products at Rational, a division of IBM.
IBM is just one of the companies that view these software security developers as an important specialty that will make a big impact in making the software consumers and businesses use every day more secure.
"Organizations have to wake up to software security and when they
look at how they're going to address it, the real problem is often a
lack of skill within their development groups. They're looking to hire
resources who can educate the rest of the organization while creating
and designing security programs," said Weider.
Where software developers are going to learn more about building
secure applications is still unclear. Currently, most software
developers aren't picking up this information at the university level.
"It's clear that there is a huge problem with software security and
the reason is that application developers have traditionally not been
trained in security. If you look at most computer science programs
today, you don't see a lot a lot of emphasis on security training,"
While universities increasingly have a security curriculum, they don't have elements of this included in software engineering.
"You're not learning good security practices and coding at the same
time, and that's definitely something we need to see changed," said
Businesses are increasingly requiring everyone in software development to undertake security training, with companies such as Cigital and Security Innovation coming in to retrain software developers on how people attack software and how to avoid some common pitfalls.
Once a software developer has this information under the belt, however, they become much more appealing hires. While most companies don't have a position titled Secure Software Developer, banks and financial services companies appear to be the earliest adopters of this role, followed by contract arrangements.
"One place where there is strong employment in this skill is in
consulting firms, who are hiring developers and engineers to help them
fix their security problems," said Weider.
The companies that are hiring for this position are willing to pay a premium for these developers.
"Those who have this kind of skill can now easily command a higher salary," said Weider.