CASE STUDY: Developing cybersecurity skills within development teams

The perception of cybersecurity even from within the rest of the digital sector is mixed – many developers, designers, project managers see the security challenges as an obstacle.

As a result, it is often treated as an afterthought in many development projects, increasing security risks and increasing both the cost and time of testing and fixing. Aside from these immediate impacts, it often creates an acrimonious relationship between cybersecurity professionals and the rest of their teams.

Digital Interruption are a consultancy who support organisations to solve this. Their solution to the issue is to introduce tools and training on security for all staff earlier on in the development process – designers, developers, testers. Working with any project that has a development pipeline, the idea is to distribute responsibility for security throughout the process. By teaching development teams some of the common flaws in different systems, they will start to build more secure systems by default. This will improve the burden on security professionals and create a more cooperative environment.

Through this shift, the role of cybersecurity experts changes to be more advanced and more specialist. Because the overall standard of security improves, the cybersecurity team tend to perform smaller and more targeted testing, which can affect small areas of the system, as opposed to needing full redesigns. This approach will also change the skills profile of the workforce, enabling more individuals to get an understanding of what the cybersecurity roles are like and to weigh it up as a progression route in their future career, therefore, potentially creating a new talent pipeline.

Workplace practices

With regular long hours, on-site working involving travel and overnight stays, and high levels of stress, the cybersecurity sector has gained a reputation for tough working practices. Digital Interruption are also working to improve these working practices, focusing both on the mental health and wellbeing impacts of work. Introducing new flexible working hours, fewer on-site visits and an understanding environment, they have improved the work-life balance of all of their employees. Supporting this, they promote these principles among their peers, clients and customers at industry events.

Some of the new principles they propose for businesses include:

• “Ask your staff”, where companies will trust staff to come up with solutions themselves instead of directing in a top-down manner, allowing for creative problem-solving.
• “Enforce good policies”, where well-written policies around working practices and adherence to them are paramount – loopholes and non-adherence result in stress and distrust.
• “Don’t buy in bad practices”, where culture and working practices are passed up and down the supply chain, hopefully inspiring more companies to make similar changes.

This understanding that individuals are the most important resource for a business is a growing trend across all sectors – Digital Interruption are leading this among the digital sectors. With cybersecurity in particular becoming ever more important for all areas, this work will help to promote best practice principles, resulting in an increased job satisfaction for those already in the sector and will contribute to improving the recruitment and retention for many digital businesses.

We trust our staff – we give them the autonomy to be able to make their own decisions

Article Published: 01/02/2021 15:33 PM