Industry executives and experts share their predictions for 2025. Read them in this 17th annual VMblog.com series exclusive.
By Danny Allan, CTO of Snyk
Savvy developers are adopting new tools and technologies to
make their workflows more conducive to the pace of innovation that modern
enterprises necessitate. Leaders push their developers to be more
groundbreaking, more creative and more solution-oriented, but the question
remains whether leaders and developers alike are prioritizing this rapid innovation
with a security-focused mindset. As we step into 2025, the industry faces a
critical turning point: once and for all, shifting security left in the software
development lifecycle. To address the mounting challenges emerging from
increasingly sophisticated cyber threats, the developer community must embrace
this foundational shift and make it an integral part of the development
process.
A Secure Future Starts with Security-Focused Developers
As people, we collectively love to create more than we want to
fix what's broken. It's why many developers gravitate to careers in product
development rather than cybersecurity. However, in 2025, we'll all need a
mindset grounded in shift-left, security-first thinking.
This shift is essential because the software industry has
transformed from the era of full-stack developers - those who once understood
each layer of application development end-to-end - to a specialized ecosystem.
Specialization has widened gaps in foundational security knowledge,
particularly among junior developers entering an industry increasingly
dependent on generative AI (GenAI) tools. In fact, a recent survey
showed that less than half (44.8%) of organizations provided AI coding tool
training to the majority of their developers, emphasizing this gap is widening
as new GenAI tools are adopted. While these tools accelerate development, they
often miss larger security concerns, leading to code that lacks proper security
standards.
This challenge is further complicated by a disconnect between
junior developers' education and the training available to those specifically
pursuing cybersecurity-focused degrees. Research
shows that out of the top 50 computer science programs in the US, only three
require a cybersecurity course for graduation. There is another issue that
further compounds this problem: coding languages have become more abstract.
Because of this, there's been less of a focus on understanding all the levels
of development, and junior developers simply have less security knowledge
compared to their predecessors.
I anticipate that as more high-profile cyberattacks occur in
2025 and security becomes a more mainstream topic, the number of professionals
seeking a cybersecurity degree will increase. I also expect a computer
science education will incorporate more security requirements as a fundamental
learning block to keep up with industry needs. This shift will naturally bring
in more junior developers who inherently have the security-focused mindset and
allow the industry to, once and for all, truly shift left.
Security Won't Become Invisible to the Developer in 2025, but it Will Become Easier to Manage
Right now, developers are primarily tasked with creativity - building
things - but security will become part of their remit with the shift
left. In 2025, we'll see security largely given over to the security operations
team, guided much more by AI in every part of the software development
lifecycle.
AI will help security and policy teams understand where they
need to spend their attention, which will help remove the burden and cognitive
load from developers. However, this will only happen for those organizations
that put in place strong DevOps practices providing consistency and
checkpoints, especially for GenAI. Leaders taking this seriously will have
board groups devoted to security and governance along with the governance
solutions in place to support policy.
When done well, many of the common repetitive, painful security
tasks that have existed for the last 20 years will become much less visible to
developers and the wider organization. We'll see more organizations giving
security workloads to platform engineering teams who will set up guardrails on
the 'paved path'. As a consequence, developers will finally get a reduction in
their cognitive load, unlocking greater innovation and time-on-task.
Bridging the Gap Between Speed and Security
The future of software development hinges on bridging the gap
between speed and security. Leaders shaping those already in the field, and
educators shaping those coming into the field, should empower their teams and
students with the tools, training and practices to think like security
professionals. This will allow organizations now and in the future to unlock a
new era of secure and groundbreaking innovation. Like 2024, 2025 will be a
rapid year of change, with new AI-driven solutions that will lighten developers'
security burdens and enable them to focus on what they do best: creating.
However, this change begins with a commitment from all, across the industry, to
foster a security-first mindset and to ensure every line of code brings us
closer to a secure, innovative future.
ABOUT THE AUTHOR
As CTO, Danny leads end-to-end ownership of Snyk’s current core offerings and roadmap, as well as the company’s near-term platform vision. Before joining Snyk, he was CTO at Veeam and Desktone (acquired by VMware) and Director of Security Research at IBM. In his free time, he loves scuba diving, cycling, and hockey (like a true Canadian!).