Let's talk about security.
I know you're probably asking, “Joe, why should I care about security? I'm a tester.”
Well, I hope you read this post all the way to the end to find out why I think you’re missing out on a huge opportunity to learn a new skill that can make you more employable and more valuable to your current employee.
If you don't think you need to worry about security, OR security testing is not your job, you're mistaken.
Security testing is more important now than ever.
According to an IBM study, the average cost of a corporate data breach in 2020 is $3.86 million.
In some circumstances, these costs can be much higher. For instance, Target's 2013 data breach cost the company nearly $150 million and even put a dent in the company's stock price.
Recent cyberattacks have been even more costly—and the methods used by cybercriminals have become even more advanced.
Any time a company loses money, or their brand takes a hit in the news, they should be concerned. Even from a self-preservation perspective, these things can often lead to layoffs due to lost revenue.
Take a look at some of the most recent cybersecurity news
Also, more and more companies lately are getting attacked by ransomware/malware.
Take Garmin, for instance. Recently I saw the headline in the new that Garmin reportedly paid multimillion-dollar ransom after suffering a cyberattack.
A reported $10 million was demanded in ransom after the attack took Garmin services offline
Garmin is a company worth around $19.59B, and you're telling me they don't have enough money to invest in security testing?
Also, certain security exploits like SQL injection attacks should be a thing of the past.
Security issues can be caught early in your SDLC if your team knows how to check for them.
However, I still see news items about recent hacks at companies not able to defend against them.
You'll discover how to prevent security exploitation of the software you and your team are developing at our upcoming Security Testing event.
Boost Your Testing Career with Security Skills
Before we get into the event, are you aware that having security testing skills makes you more employable?
This is especially important in this time of Covid-19 and a downturn economy. Having any competitive edge over other testers can be the make-or-break decision of whether you get hired or fired nowadays.
For instance, look at the US Bureau of Labor Statistics Job Outlook for Information Security Analysts.
You'll see that it's projected to grow 32 percent from 2020 to 2028, much faster than the average for all occupations.
The expected demand for information security analysts is very high.
Analysts will be needed to create innovative solutions in order to prevent hackers from stealing critical information or causing problems for computer networks.
That means that if you are a software tester, learning more about security will only make you more employable and can only advance your career.
Let Me Show YOU the Money in Security Testing
Besides there being a high demand for folks with security skills, having these skills will make you more money!
Take a look at some salary numbers I found on itjobswatch.co.uk. (I’m based in the US, not the UK but I know the trend is the same.)
Here is the median salary for folks with the title of Software Tester:
And here’s the one for Security Tester:
The difference in pay is huge.
Now…imagine if you had both skills?
I asked Wilson Mar how he got into security after spending much of his career focusing on functional automation testing and performance testing, and this is what he told me.
Security is one of the main issues plaguing many companies. It’s was one thing to be slow, another to not quite work, but it's quite another to be receiving ransomware notices.
He also told me he was pulled into security-related issues and was horrified to discover how some organizations leave big holes in their systems.
And the more he looked into it, the more he realized that security is where the real money is at.
There is also a push by many organizations to get their teams involved earlier with security testing.
Shift Left Testers Needed in Security
You’ve probably heard a lot about shift-left.
These things can be done much better if they're done much earlier.
So, having someone on your sprint team that has security skills is a big plus.
Think of the advantage it is to be able to spot security risks and considerations before one line of code is even written.
Wouldn't be better to have team members with security expertise involved in all phases of your software development life cycle (SDLC)?
As testers, we definitely need to sharpen our skills and pick up skills in these new areas.
How to perform security testing
At this point, you might be asking yourself, “How do I level-up my security testing skills?”
That's why I created Secure Guild–an online conference dedicated 100% to helping you and your teams learn more about what works for security.
This is a great event for beginners, so you needn’t be a security expert to attend.
Our goal is that you'll discover at least one actionable tip, tool, technique, or best practice that you can implement right away to help with your new or existing security project.
Take a look at our lineup—what you’ll learn will make you even more of a rock star in your company and your team’s eyes.
- Harinee Muralinath – Vulnerable Dependencies – The Toxic Relation
- Arthur Hicken – How to Shift Security Testing Left
- Dale Meredith – How to Make a Security Testing Lab
- Wilson Mar – Secure your GitHub with 2FA and signatures. Here's how!
- Tanya Janca – Intro to Appsec
- Jimmy Rabon – How to Prioritize Your Open-Source Findings
- Cassie Crossley – Integrated Software Bill of Materials (SBoM) into DevSecOps
- Harjit Sandhu – Learn how to threat model using an interactive board game
- Cindy Blake – Bringing Fuzz Testing to the Mainstream
- Hasan Yasar – How to build DevSecOps Pipeline as Code!
- Jahmel Harris – Security in your pocket; Android application security for beginners
- Arash Rahnama – Attacking AI with Adversarial Inputs and How to Defend against It!
- Royce Davis – Teach Yourself Penetration Testing: A hands-on walkthrough of the Capsulecorp-pentest environment
- Mike Spanbauer – Developing a Security Test Methodology
Don’t Miss Out On This Opportunity
Have you registered yet?
Hope to see you there!