How to make a Unicorn: Finding Cybersecurity Talent in the Real World

Another day, another high-profile security incident. Forty percent of all data breach incidents occur from attacks on web applications. With DevOps accelerating the pace at which software is developed and deployed, it’s critical to integrate proper security thinking into the DevOps process. Without this, rapid software development can introduce security flaws.

The cybersecurity labor crunch is expected to hit 3.5 million unfilled jobs by 2021. So where do you turn for help when the demand for qualified cybersecurity professionals is high, but the supply is low?

In addition, all security professionals aren’t created equal. How do you identify the security skills needed in DevSecOps?

AppSec engineers have been called unicorns, and in this talk we will make these mythical creatures a reality and discuss: * The skills needed to be a successful AppSec engineer * Scenarios in which these skills are used in DevSecOps * How to identify and groom talent within your own organization * Ways to scale your team



Franklin Mosley


As a young child, I was introduced to computers, and they became my passion. I began writing programs, and by the age of 10, I knew what I wanted to do when I “grew up” without understanding how computers and technology would influence our world in the future.

Fast forward to present times, and we live in a digitally connected world. Innovations have improved business and personal technology while increasing productivity. Unfortunately, this has also lead to opportunities for, and an increase in, cyber threats. According to a 2013 report, over 552 million identities were exposed via breaches, and there was a 62% increase in the number of breaches over the previous year.

As a 16-year experienced Information Security professional, I have helped businesses counter threats. I have assessed applications for security risks, and implemented security controls. Having also been a software engineer, in an earlier part of my career, as well as still writing code for fun and the challenges, my focus on application security is a natural place for me to practice, and has become my passion.

In recent times, I’ve become involved with, and very interested in, DevOps/DevSecOps. This way of software delivery has me looking for ways to improve processes, while still ensuring that teams are delivering secure software.