Recruiting AppSec Talent


AppSec and InfoSec talent are difficult to find these days, for several reasons. It is a challenge for industry to accept professionals who are unhappy with their current employment, and would like to work in security, but only have experience in other areas of business. There are also many people just starting out in industry, and with no track record they cannot prove to a potential employer what they can achieve.

All the while, there is a lack of, and high demand for, professionals who can get the AppSec job done.


  • What can be done to improve the talent pool?
  • What is the best way to connect employees and employers?
  • Should recruitment agencies have a more proactive role in creating talent and finding job opportunities?
  • What should the career path be for developers who want to move into security?
  • What is the role of universities and work placements?
  • How can hiring managers efficiently judge a candidate‚Äôs abilities and potential?
  • What are essential requirements, and what can be ignored?
  • How can a candidate show their worth to a prospective employer, without violating NDA on their previous work?
  • How to make an employer, and specific positions, more attractive
  • What can be done to improve morale and increase retention?
  • What are common career paths into AppSec and InfoSec? How can newbies break into the field, and how can senior practitioners advance?
  • What effects do globalisation and remote working technologies have on recruitment?

Need to consider what will be the output of this session.


The target audience for this Working Session is:

  • AppSec team leads
  • Technical managers
  • Senior employees
  • Freelancers
  • Recruitment agencies
  • Human resources
  • Universities

Related Working Session(s)

Back to list of all Working Sessions and Tracks

Edit this page here