Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Application security careers have bright future

Application security expert Dan Cornell explains why companies are taking a greater interest in incorporating security into the SDLC, and how this trend affects those breaking into the software security field.

I have recently joined a company and become a trainee in application security, which includes vulnerability assessment, pen testing, reporting and secure coding. Can you please tell me about the future of this career?

I think the future of this career field is very solid. Up until this point, security has not been a priority of development teams. With compliance requirements such as PCI DSS and new regulatory requirements from groups such as the OCC, this has changed. Developers who understand secure design and development will become the norm rather than the exception, and getting an early start is always good.

Software security resources:
PCI DSS compliance: Web application firewall or code review?

The most effective time to do security testing

How to address application security from a holistic perspective

In addition, skills such as penetration testing, application assessment and code review will increasingly be in demand. Again -- regulatory and compliance pressures mandate that application level testing be performed, so there will be a need for more capable individuals. Over time, though, these areas will be commoditized and the really valuable skills will be more process-focused. The ability to lead development teams in secure development efforts as well as the ability to help integrate security into the software development lifecycle (SDLC) will become more important than the testing of individual applications.

Dig Deeper on Topics Archive

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.