Cybersecurity, by definition, needs security software developers. The field of security, in general, has grown dramatically over the past two decades; with the ever-increasing use of electronic communications, transactions and information exchange, the need for robust security software and program suites is greater than ever. After the initial explosion of computer technology in the 1980s, software development became more sophisticated year by year. As more and more computer users came online in the 1990s, the market became more open to those with malicious intent to commit fraud, steal financial resources and infect computers and networks with damaging viruses. Security software became a required element of every computer terminal, network and business interface.
As technology has matured, more clearly defined needs and roles have emerged. Specialization has increased as niche markets have opened up. As a result, more opportunities for those with programming skills are widely available. The security software developer is one such specialty.
Foundations – Education
As with all technology fields, a strong background in computer science, computer technology, information technology and mathematics provides the foundation for the security software developer. Computer Engineering, Network Administration and other highly technical degrees such as Electrical Engineering and Network Technology are also important. A Bachelor’s degree in any of these fields is valuable; concentrations or emphases in the other fields will produce a well-rounded candidate in the software development arena. A Master’s degree is a benefit, but not a requirement for success in this field; employers are looking for solid technical skills over theory. Typically, the security software developer has tinkered around with programming from a young age, although the skills can be learned at nearly any stage of a career.
Foundations – Experience and Certifications
Most employers want to see 5+ years of software development and programming experience in a candidate. The main thrust of the work is in development; security software is one area within the scope of software development. Good development skills and experience creating, deploying and updating software programs and suites are the key areas that define a successful software developer. While working to gain the experience, it is recommended to always have a bent toward security software development. The usual career path includes three years or more in development and at least two years in audit/testing.
Certification is recommended for the security software developer; there are several organizations that administer accredited certification programs:
EC-Council (International Council of Electronic Commerce Consultants):
ECSP: EC-Council Certified Secure Programmer
CEH: Certified Ethical Hacker
CES: Certified Encryption Specialist
GIAC (Global Information Assurance Certification):
GSSP-JAVA: GIAC Secure Software Programmer-Java
GWEB: GIAC Certified Web Application Defender
GSSP-.NET: GIAC Secure Software Programmer- .NET
ISC2 (International Information Systems Security Certification Consortium, Inc.):
CSSLP: Certified Secure Software Lifecycle Professional
It is worthwhile to note that the National Security Agency offers summer programs in a cyber-security environment in order to meet the following goals:
Increase interest in cybersecurity careers and diversity in the cybersecurity workforce of the Nation
Help all students understand correct and safe on-line behavior, and how they can be good digital citizens
Improve teaching methods for delivery of cybersecurity content in K-12 curricula
Foundations – Continuing Education
Due to the ever-changing nature of the security industry, continuing education is vital for the long-term success of the security software developer. The “half-life” of technology is steadily shrinking; information travels at light-speed and hackers work around the clock to defeat the defenses set up to protect information, data and networks. It is imperative that one stay informed of technology advancement through trade publications, news, blogs and organizational affiliations. Continuing education programs, seminars and conferences, classroom training and field exercises are critical to staying current (and effective) in the industry. Many other professional roles have designated requirements for continuing education; within the computer and technology industry, many certifications are refreshed every few years and it is pure common sense to understand that trends and technology will change over time. The successful security software developer keeps learning about the world of computer security.
Employment Opportunities – Job Titles
There are several job titles that encompass the work of security software development; some examples are:
Security Software Engineer
Of course, the duties of a software developer can be embedded within any number of cyber-security job roles; the list above represents a sampling of job titles that specifically incorporate the security software development keywords. The career path may lead to different areas of the Information Security industry, including Security Consultant, Security Software Architect or Security Architect. Additionally, education and instruction fields have the need for qualified software developers to train and prepare the next generation of security software developers.
Employment Opportunities – Job Duties, General
Simply stated, the Security Software Developer handles two primary functions: develop security software and integrate security software into existing and new applications. A typical starting point in the security software arena is the creation of diagnostic tools to locate various types of malware (including viruses, spyware and other damaging programs). The security software developer will ensure that security software is included – or ‘baked-in’ – to any and all software programs the organization produces.
In a typical day, the security software developer will be tasked with any number of the following responsibilities:
Manage a development team tasked with generating secure software tools
Lead a software design effort, including implementation and audit/testing
Coordinate with leadership to create an overall software security strategy
Hold meetings and seminars to clearly define client security needs
Develop proprietary software systems and forensic tools
Participate in lifecycle development discussions to hone security strategies
Create and construct “proof of concept” programs
Review programming techniques to ensure no logical design flaws
Understand and explain various attack vectors
Audit/Test existing networks for software vulnerabilities
Train developers in secure programming techniques
Oversee any software deployments to clients
Employment Opportunities – Job Duties, “Hard” Skills
Besides the specific tasks outlined above, a security software developer must have specific skills to complete their work effectively. These programming skills are non-negotiable; employers will typically require a candidate’s repertoire to include expertise in the following (this is not an exhaustive list):
Windows, UNIX and Linux operating systems
C, C++, C#, Java, ASM, PHP, PERL
TCP/IP-based network communication systems
Relational databases (e.g. SQL, MySQL, SQLite, etc.)
Hypervisors (e.g. VMware, KVM, etc.)
Python
Experience in HTML/CSS
XML/Web Services, AJAX
Employment Opportunities – Job Duties, “Soft” Skills
Because the nature of security software development is to meet the security needs of an organization, the successful developer will also demonstrate a mastery of other, more universal skills, including:
Communication skills – verbal and written
Problem solving skills
Strong ethics, high integrity, trustworthiness and good judgment
A security software developer will frequently be in a team management position; the ability to work cooperatively, communicate effectively and express common goals is vital to this role. This realm also lives within a “pressure and deadline” environment – the successful security software developer knows how to handle pressure and deadlines and convey the appropriate level of urgency to peers and team members in order to reach an organization’s stated goals.
Employment Opportunities – Job Duties, Private Sector
Nearly all businesses and non-governmental organizations need security software as a part of their daily activities. Vulnerabilities in communication programs (e-mail and instant message programs), websites and other online interactions and verbal communication networks need to be identified and covered by the security software developed. The security software provided must ensure that these interactions are protected and private data is not at risk of being exposed to unauthorized parties. Encryption of emails, designation of ‘secure’ websites and secured cellphone transmissions are just a few examples of where the need for security software can be found.
Nearly all purchase transactions – both point-of-sale and online – require security to keep the buyer’s financial data and information secure. Brick-and-mortar retailers use security software in their check-out lines as well as their general security systems. “Shrinkage,” or loss due to theft, costs retailers millions of dollars annually. A security software developer will design, code and implement a program to work within a business’ security system to reduce such losses.
Online retailers rely on security software not only to protect their customers’ private data within the transaction, but also to prevent any malicious attacks on their public-facing network. The secure webpage provides the consumer with the confidence that the business’ online security is robust enough to allow buyers to purchase with confidence. That confidence is provided by the software developer’s expertise.
While cellphone providers are researching a methodology to encrypt cell phone signals to ensure privacy of conversations and prevent unauthorized access, cellphone manufacturers are already adding security features to their handsets. This idea is not new, but after the events surrounding the investigation of the San Bernardino shooting (contained in the case FBI v Apple), phone security and privacy issues are at the forefront of business thought.
Business runs on communication networks; security programs protect information and require monitoring, evaluation and upgrades in order to maintain a high level of information security and integrity. There are specific companies that offer security software and larger organizations may have internal security teams develop proprietary protection software. Opportunities abound.
Employment Opportunities – Job Duties, Public Sector
The National Security Agency (NSA) is considered to be “security central” when it comes to cyber-security. Protection of data is critical within governmental agencies, military and federal law enforcement teams. Security software developers will help deploy a defense around data and communication networks to ensure the protection of all conversations (voice, text and email) within governmental agencies.
Each branch of the military requires data and information security similar to that of the NSA, with the additional level of importance being the national defense. Troop/personnel orders, statistics and locations must be shared with appropriate individuals and kept away from enemy combatants. Launch codes, weaponry locations and other critical data must be protected as well.
The security software developer’s role is rapidly changing and expanding. In order to maintain security of information and data, the security software developer’s role is vital. Because the nature of the business is so complex and changeable, the developer is always learning. This is a role that has universal application and a never-ending learning curve!