• United States



Chief Executive Officer, Security Innovation

The time for application security certification is now!

Dec 20, 20102 mins
CareersData and Information SecurityIT Leadership

For years everyone from Mary Ann Davidson (CSO or Oracle) to OWASP to DHS (in their “Build Security In” initiative with SEI) have been bemoaning the fact that our universities do not adequately train software engineering and computer science students on secure coding practices (and in most cases not at all.)  Even I have written and presented on the topic, calling for better training and awareness and complaining that industry shouldn’t have to bear the burden of educating software engineers on security. Well, I was wrong.

There are a few universities who are now starting to include security courses in their degree or certificate programs; however, that will take a very long time to propagate throughout industry and the penetration of such courses is still very small. Mary Ann Davidson even offered to give preferential hiring treatment at Oracle to schools who demonstrated security training as part of their  Computer Science and Software Engineer programs — and got a pathetically weak response. Go figure.

I have never been a big fan of personal certifications; however, it is a model that works. Individuals like to own them, and companies like to hire employees who possess them. Cisco’s certifications for networking professionals and the now seemingly omnipresent CISSP ensures at least a minimum level of expertise in security disciplines. However, we still lack a practical and meaningful certification for anything related to application security.  

More thoughts on this coming…

Chief Executive Officer, Security Innovation

Ed Adams is a software executive with successful leadership experience in various-sized organizations that serve the IT security and quality assurance industries. As CEO, Mr. Adams applies his security and business skills, as well as his pervasive industry experience in the software quality space, to direct application security experts to help organizations understand the risks in their software systems and develop programs to mitigate those risks. The company has delivered high-quality risk solutions to the most recognizable companies in the world including Microsoft, IBM, Fedex, ING, Sony, Nationwide and HP.