Current challenges

Shortage of skilled professionals. According to the Russian Ministry of Digital Development, Communications and Mass Media, Russia faces a shortage of 500,000-700,000 people with IT expertise, whereas the industry itself indicates a deficit of no more than 100,000 specialists along with ever-increasing competition for tech talent. 

On the other hand, the head of the Center for Information Security at Innopolis University Sergei Petrenko notes that newly-graduated specialists often fail to meet market requirements.

Brain drain. Many IT specialists have left the country since 2022 yet about one-in-five people who migrated in early 2023 have returned, as stressed by the expert. 

Advances and import substitution. Since 2020, Russia has been implementing a state program entitled Information Society. The program is aimed at preventing information security threats, as well as ensuring affordable and high-quality communication services and access to information and telecommunication networks.

Furthermore, Russian President Vladimir Putin has ordered Russian banks to replace foreign-branded software products with domestic alternatives by 2025. As noted by Sergei Petrenko, 95% of the software and 65% of the hardware used by the banking sector today is imported. 

Jobs in high demand

The expert believes that DevSecOps engineers – leaders and developers who can implement software and coordinate programmers, system administrators, and cybersecurity specialists – are in the top of in-demand IT jobs today.

“Nowadays, most Russian companies switched their focus towards internal software development. Therefore, it became crucial to increase the quality and security of software, as well as accelerate the development process, by assembling internal development teams and incorporating proprietary production. Such teams include from 500 to 30,000 internal and external experts – as well as their own set of methods for automated app deployment in different environments. To introduce DevSecOps practices into the process, today’s teams need architecture specialists, developers, technologists, testers, and DevSecOps engineers,” shared Sergei Petrenko. 

Sergei Petrenko. Photo by Dmitry Grigoryev / ITMO.NEWS

Sergei Petrenko. Photo by Dmitry Grigoryev / ITMO.NEWS

DevSecOps engineers define and monitor security requirements, manage vulnerabilities, design security patterns, implement secure coding standards, and tackle other tasks. To do this, specialists must be able to conduct static code and dynamic analysis, operate web application firewalls (WAFs), and more. 

How to train new specialists

Nowadays, the main source of training in DevSecOps is through online courses, which, in Petrenko’s opinion, cannot produce qualified experts, as opposed to designated educational programs, which should be implemented at universities. 

“Starting from their second or third year, students should be able to build their learning tracks based on the trends of the country’s leading economy sectors and their own internship experience. They should participate in grants and projects of digital companies in priority development areas such as engineering software, management systems, enterprise resource planning systems, et cetera,” stated Sergei Petrenko.

The conference on information security in St. Petersburg. Photo by Dmitry Grigoryev / ITMO.NEWS

The conference on information security in St. Petersburg. Photo by Dmitry Grigoryev / ITMO.NEWS

Another change needed to ensure quality training is to alter the model for selecting and retaining infosec specialists at companies. This can be achieved by selecting team members for the customer’s tasks among trainees, retraining juniors and adapting middles to new stacks and technologies, creating individual educational programs tailored to a company’s needs, and also increasing the recognition and value of a company’s HR brand.

Sergei Petrenko delved into more detail about current trends at the conference on information security in St. Petersburg, which took place at ITMO University on October 5-6. The conference was co-organized by the interregional public organization “Association of Chief Information Security Officers” and ITMO University. The event covered a range of topics, including digitalization trends, quantum technologies, machine learning, artificial intelligence, cybercrime, and others. One of the days featured a science session on AI-assisted security of complex technical systems. Among the speakers were employees of ITMO University and infosec companies: Kaspersky Lab, Kiberprotekt, SearchInform, and many others.