Today the White House convened the White House Cyber Workforce and Education Summit to gather government and private-sector leaders to discuss how to address the labor shortage and other challenges for U.S. cybersecurity. The meeting included the nation’s top cybersecurity and workforce policy decision makers, including the National Cyber Director and the Cabinet secretaries from the Departments of Commerce, Homeland Security, and Labor and the Under Secretary of Education. 

Jim Zemlin, Executive Director of the Linux Foundation, was invited to participate.

During the meeting, Jim emphasized the need to “shift left” security training and best practices as much as possible. Addressing security at the beginning of the technology supply chain is more efficient and effective – it is being proactive rather than reactive. This begins with providing open source practitioners with the knowledge and skills to build security into the development of the software we all depend on.  

Addressing security at the beginning of the technology supply chain is more efficient and effective – it is being proactive rather than reactive.

He emphasized the commitment of the Linux Foundation to partner with industry leaders to provide no cost or low cost training and certification in cybersecurity beginning with our Developing Secure Software course, which is 15 hours of training across 3 modules (security principles, implementation considerations & software verification). The goal is to teach software developers how to develop more secure software from the beginning because that is much more efficient than finding and remediating vulnerabilities.

Since launching it this spring, over 10,000 students have started the course and over 1,000 completed it and received their verifiable certification. But this is just the beginning. Over the next few months, the Linux Foundation will launch new courses and certification exams on topics such as: 

Sigstore
Software Bills of Materials (SBOMs) 
Air Gap Software Delivery 
DevSecOps

Addressing cybersecurity challenges through investments in the workforce is about more than hiring and training more cybersecurity professionals. Providing effective training for individuals involved at all points in the software development lifecycle is key to success – kind of like building security into a building at the beginning rather than just hiring security guards to protect it. 

Providing effective training for individuals involved at all points in the software development lifecycle is key to success – kind of like building security into a building at the beginning rather than just hiring security guards to protect it. 

The goal of building a more robust cyber workforce is part of the recommendations developed earlier this year after the White House-convened Open Source Software Security Summit in February and a follow-up Summit in May. You can read about the recommended 10 streams of investment and the entire Open Source Software Security Mobilization Plan here. And consider joining the OpenSSF to help make our software supply chain more secure by building an expert community, targeted initiatives, and best practices.

We encourage you to  enroll in the Developing Secure Software training from the OpenSSF. It is free for everyone through Linux Foundation Training & Certification. You can also enroll through edX for free in audit mode or with a verified certificate of completion for an additional fee.