Companies are accelerating the deployment process — that is, reducing the time to create and distribute software — and releasing new versions of apps at an ever-faster pace.
What many people do not know is that this speed is not always beneficial, as it can make systems more vulnerable to various types of cyberattacks, since there isn’t always enough time to conduct rigorous security testing before launch.
However, time is not the only factor that determines whether an application runs securely and without failures. What worsens this situation even further is the scarcity of qualified professionals to protect this entire digital ecosystem. As risks grow, there is a shortage of qualified people to ensure the security of applications. According to the Cybersecurity Workforce Study 2024 by ISC² (International Information System Security Certification Consortium), a non-profit organization dedicated to the training and certification of information security professionals, the global deficit of cybersecurity professionals has already surpassed 4.8 million, with the AppSec area among the most critical within this gap.
"Companies that neglect application security face significant financial, reputational, and legal risks. However, many that demonstrate a true commitment to investing in the area often face a shortage of qualified professionals to provide the necessary support on this journey," says Wagner Elias, CEO of Conviso, a developer of a solution for application security (AppSec).
In Brazil, the situation is no less alarming. Fortinet estimates that the country needs approximately 750,000 cybersecurity specialists, while ISC² warns of a potential shortfall of 140,000 professionals as early as 2025. This combination shows that, while the country tries to fill hundreds of thousands of jobs, there is a concrete and urgent gap of qualified professionals in application security, operations, and governance.
“The demand for qualified professionals far exceeds the available supply. In light of this, many companies, without time to wait for traditional training, opt to invest in their own training programs,” explains Elias.
An example is Conviso Academy, an initiative by Conviso, a Curitiba-based company specialized in application security that recently acquired Site Blindado. The Academy was born to solve a real market problem: the shortage of professionals in AppSec. "So we decided to train these talents!" explains Luiz Custódio, instructor at Conviso Academy.
“The Academy is no longer a bootcamp with recorded classes for hundreds of people. The cohorts are small, with synchronous sessions every week. From the first module, participants work on real problems, facing challenges in threat modeling, secure architecture and secure coding, exactly as AppSec teams do on a day-to-day basis,” says Custódio.
The CEO also highlights that "Behind this model, Conviso invested in methodological planning to structure an educational approach aligned with the real needs of training security professionals. And this methodology is guided by the idea that education does not merely consist of theories or practices, but of experience."
Throughout the modules, participants learn, for example, to map and prioritize threats that may impact business continuity; evaluate and propose secure architectures for web, mobile, and cloud applications; implement secure development practices integrated with DevSecOps; and build a secure pipeline, automating checks without slowing down deployment. All of this reinforces the principle of shift left, that is, bringing security to the earliest stages of the development cycle, where it is more effective and less costly.
“The result is not only technical, it is knowing how application security protects and creates value for companies, prepared to speak with stakeholders, translate risks and help teams deliver software securely,” he reinforces.
In practice, it works like this: the participant is already getting hands-on from the start, developing not only technical security skills, but also essential soft skills such as communication, teamwork, and the ability to learn independently.
"We take what people already know, connect it with what they need to learn, and they realize that AppSec isn't a nightmare. The instructor isn't the protagonist, he's a mediator, helping to build and flesh out solutions that the participants themselves develop," says the instructor at Conviso Academy.
In the first class, more than 400 registrations were recorded. However, as the class is restricted to ensure quality, only 20 spots are opened per edition, with 30% to 40% reserved for minoritized groups (women, Black people, the LGBTQIAPN+ community).
The focus is on people who want to enter the AppSec field, even if they are not yet in the job market. It is not necessary to have a degree or a minimum age, but you need to have a real willingness to learn and to challenge yourself, says Custódio.
According to the institution's administration, registrations are open for the second cohort of the training program, with a start date scheduled for 2026. Interested parties can access the website for more information: https://www.convisoappsec.com/pt-br/conviso-academy