It’s natural for programmers to go deep in a few specific areas — to have that super-skillset. Most languages and frameworks are very rich. It’s realistic to have truly deep knowledge in only a few of them.

For myself, my strength is in distributed computing. Actor systems and cloud-native architecture, to be specific. And to get even more specific, Scala and Elixir are my two languages of choice — which means I know Scala and Akka, and Elixir and OTP, really, really well. And certainly these two languages and frameworks are rich enough to build a career on.

But too much specialization can be a bad thing. What happens as technologies age? Once upon a time C++ was the hot new language. Before that, Pascal. Right now, you can absolutely have a strong career in Java, but new languages are disrupting the status quo. If you want to work in AI or ML, you’ll likely be working in Python, R, or a functional language (like Scala or Elixir!).

Ok, so, diversification is good. Building up a broader skill base — but how do you know which one?

I’m not suggesting to start picking up new languages left and right. Being strategic about where you invest your time is important. Right now it seems like everyone is jumping on the AI bandwagon. And yes, I totally agree there are fantastic applications for AI and ML. But ultimately, AI is a niche that your next project may or may not exploit.

Instead, look for something ubiquitous. Look for something that every employer and every customer is going to want.

In today’s world, security is such a skill. But security itself is a really deep rabbit hole to vanish in — and possibly a career choice in and of itself. Having the knowledge and experience to just secure and manage AWS (for instance) is enough to keep anyone busy full time.

Yet, security threats are exploding exponentially — and customers and businesses today are more and more concerned with injecting security at all stages of development.

The real threat

“Back in the day” playing war-games with a computer seemed like a pretty exotic, futuristic idea. At the time our fears — abstract as they were — had us worrying about computers taking over and doing something terrible, like launching a nuclear war. Remember the 1982 Wargames movie with Mathew Broderick? 40 years later we’re still worried about computers taking over. Personally, I think worrying about autonomous AI is a bit premature.

So what should we all be thinking about? Every single day, black hats, hackers and identity thieves are trying to break in. They might be after your bank account, or maybe they're trying to take down the national power grid.

And they are succeeding. Every day.

Just this month I learned about four successful identity theft incidents in my personal network. Two family members, and two coworkers were compromised and had to deal with the aftermath — costing them each days of effort and headache dealing with law enforcement, their financial institutions, and service providers.

In response, businesses have no choice but to up their security game. Threats are coming out of the woodwork, and it’s just going to get more intense. And yes, machine learning and AI tools are going to make it worse, but not because the robots are taking over. Instead, the hackers are getting new tools, their attacks are getting more sophisticated, and the war between the black hats and the white hats is escalating.

McKinsey published a detailed report on the cyber threat landscape back in 2012, noting that it was “not exhaustive.” Even as a “not exhaustive” analysis it’s a sobering exposé on potential threat vectors.1

Attackers will inevitably penetrate your defenses. How effective are you at building security and response strategies into your code? How quickly can you respond to a threat?

I think one of the best capabilities to add to your resume is cybersecurity. Having a foundation in AWS or Google cloud security, or a Kubernetes security certificate is valuable. I’m always recommending my team pick up these skills — it’s good to think about security. “Security is everyone’s job,” is something I’m constantly repeating.

But training alone is only half that battle. Training is very focused and specific. That Kubernetes certificate will teach you how to configure Kubernetes, but it won’t teach you to think like a hacker. It won’t teach you to be constantly vigilant about potential security flaws (although it might help a bit).

It won’t teach you how to inject security at every stage of your product development pipeline.

What to do about it

Wargaming has been around for a long time. Real world wargaming has its roots in military culture and is alive and strong today. A lot of strategies adopted by the military have been taken up in the cyber warfare arena.

The National Security Agency, United States Military, and other government entities use cyber wargaming exercises to test their offensive and defensive capabilities, and MIT has a security studies program focusing on war games.

We should be thinking about cyber threats and doing something about it every day. Programmers, DevOps engineers, product owners, and project managers need to hear the call to action. We need to be integrating security into our day-to-day job.

It’s actually pretty easy to do, starting with a few tactical, everyday practices that everyone can bring to work.

Wargames

Why not wargame our own cybersecurity practices? This kind of wargaming isn't new, but it's not widely adopted. Yet it’s one of the most effective ways to harden our own systems against attack.

We can start with ourselves, with a few easily available resources. In fact, picking up some basic hacking skills (and the security awareness that comes with it) is easy, especially if you like solving puzzles.