In the last year, an increasing number of organizations cut product security budgets, resulting in layoffs in DevSecOps (development, security, and operations) and Product Security Engineer roles. According to recent data, 40% of companies planned to make security headcount cuts, even though 50% of organizations saw system vulnerabilities increase, and over 80% were concerned about financial and reputational damage from breaches.
There was a year-over-year decrease of 43.07% in the number of DevSecOps job postings and a 57.53% decrease in Product Security Engineer job postings, according to our Cybersecurity Job Posting Data Report 2024. With average salaries of $193,333 for DevSecOps and $208,333 for product security engineer jobs, it’s understandable that organizations taking a purely financial perspective would make cuts in these departments. However, these roles are vitally important in ensuring the security of digital products and preventing data breaches that can cost companies far more than they would save by cutting security budgets.
Product security is an essential aspect of cybersecurity that focuses on securing products’ design, development, and delivery. This security discipline encompasses both hardware and software management and covers threat modeling, code reviews, penetration testing, and regular security updates. With data breaches increasing, the work provided by Product Security Engineers and DevSecOps professionals are arguably more important than ever. According to our Cybersecurity Job Posting Data Report 2024, there were 50,626 product security job postings in 2023, with 3,981 specifically for product security engineering and 39,052 for DevSecOps. As Deidre Diamond, Founder and CEO of CyberSN, noted, “The amount of breaches that we are going to see and have already started to see from this reduction is alarming.”
This increase in data breaches underscores the critical need for robust security measures and specialized roles that can address both immediate vulnerabilities and long-term security strategies.
Product Security Engineers play a pivotal role in identifying and addressing software and hardware products’ vulnerabilities. Working with software engineering and product teams, they support secure development practices’ implementation as well as regular assessments, threat modeling, architecture, design, security verification, and defining various products and tools’ security standards.
This helps prevent or mitigate data breaches and cyberattacks, such as those experienced by companies around the world in recent years. For instance, in March 2024, a data breach at Tile, the Bluetooth tracker company, potentially exposed customer information, including email addresses, hashed passwords, and the last known location of their Tile devices. This incident underscores the need for strong security measures to protect sensitive user data.
Learn more about a Product Security Engineer's functional role.
DevSecOps is an application development practice implemented by DevSecOps professionals to automate the integration of cybersecurity at every stage of the software development lifecycle. These professionals use a combination of programming knowledge, threat management, and communication skills.
The main benefits of DevSecOps include faster detection and remediation of security issues, improved collaboration between development and security teams, and reduced time-to-market for secure products. As emphasized by Anshu Bansal, Founder and CEO of CloudDefense.AI, in a recent Forbes article, "DevSecOps is the non-negotiable key to building secure and resilient applications that can withstand modern and sophisticated cyber threats"
Learn more about the functional role, DevSecOps.
Cutting product security budgets can significantly impact an organization. Some of the potential consequences of reducing investment in product security and layoffs in DevSecOps and product security engineer roles include increased vulnerability to cyber threats and damage to the company’s reputation.
Without investing appropriately in cybersecurity, it becomes increasingly difficult for organizations to keep up with cyber attackers’ new methods and tools capable of infiltrating multi-cloud systems and retrieving sensitive data.
Future-proofing your security strategy requires taking proactive measures to stay ahead of evolving threats and maintain a resilient security posture. You also need to anticipate future trends and challenges in product security and DevSecOps.
Some emerging trends include autonomous systems integration and self-service infrastructure, security as code (SaC), and infrastructure as code (IaC). Some potential challenges include complexity and continuous change.
With more than 65,000 cybersecurity professionals in our network, CyberSN offers workforce solutions you can leverage to acquire, retain, develop, and diversify your cyber teams. We can support you in swiftly identifying and bridging staffing gaps, amplifying your cybersecurity team’s effectiveness, and adapting rapidly to evolving cyber threats.
Learn more about our cybersecurity workforce solutions.
Given the alarming increase in cyberattacks, organizations must prioritize addressing their cybersecurity talent gaps to safeguard against cyber risks. It's crucial to note that being understaffed not only exacerbates vulnerabilities but also contributes to burnout among existing personnel. This burnout, in turn, can lead to lapses in vigilance, increasing the likelihood of breaches.
CyberSN offers staff augmentation and talent retention solutions to help identify and fill these gaps.
Cybersecurity contract and contract-to-hire services are an ideal solution for companies facing budget constraints. These services allow your organization to fill critical DevSecOps roles on a temporary basis before making long-term commitments. You can leverage these services to address staffing gaps without compromising your company’s security posture.
These solutions give security leaders a 360 degree view into their talent gaps, empowering them to make informed decisions. By focusing on retaining and developing skilled cybersecurity talent, operations can be significantly enhanced, ensuring a robust and resilient security infrastructure.. Our recent blog post explains more. CyberSN’s talent retention support also ensures that your business successfully closes this gap.
Learn more about how we enhance operations with talent retention and development.