How to Make Your Devs Care About Security

From ‘Not My Job’ to ‘Let’s Do This

Author

Damilola Akinsola
March 20, 2025

Let’s be honest: Getting developers to prioritize security isn’t easy.

They’re focused on shipping code, meeting deadlines, and building features. Security? That’s often seen as a roadblock—something that slows them down or gets in the way.

They’re busy. They’re focused on shipping code. And let’s face it—security isn’t exactly the most exciting part of their job.

But here’s the thing: Security isn’t optional. And bribing your team with pizza (or tacos, or donuts) only gets you so far.

So, how do you make security something your devs actually care about? Let’s break it down.

Why Devs Don’t Care About Security (And It’s Not Their Fault)

Before we fix the problem, let’s understand it:

  1. It’s Not Their Job (Or So They Think)

    • Devs are measured on shipping features, not fixing vulnerabilities.

    • Security feels like someone else’s problem—usually yours.

  2. It’s Boring (Let’s Be Honest)

    • Writing secure code doesn’t have the same thrill as building a shiny new feature.

  3. It’s Hard

    • Security tools are often clunky, slow, and full of false positives.

    • Who has time to wade through 500 vulnerability alerts?

How to Make Security Cool (Yes, It’s Possible)

Here’s the good news: You don’t need to bribe your devs to care about security. You just need to make it part of their DNA. Here’s how:

1. Bake Security Into Their Workflow

  • Integrate security tools directly into their CI/CD pipeline.

  • Use tools like Snyk or Checkmarx to catch vulnerabilities before code goes live.

    Pro tip: Automate as much as possible. The less manual work, the better.

2. Gamify It

  • Turn security into a challenge. Who can find the most vulnerabilities this month? (Bonus points for cool prizes.)

  • Create a “Security Champion” program to recognize devs who go above and beyond.

3. Show Them the Impact

  • Share stories of real-world breaches (like the Twitter API hack).

  • Explain how insecure code can hurt users—and the company.

  • Make it personal: “This isn’t only about compliance but also about protecting real people.”

4. Make It Easy

  • Provide clear, actionable guidance. No one wants to read a 50-page security policy.

  • Offer training that’s actually useful.

5. Lead by Example

  • If leadership doesn’t care about security, why should the devs?

  • Show that security is a priority at every level of the organization.

Your Action Plan

  1. Start Small: Pick one security tool or process and integrate it into your workflow.

  2. Gamify It: Create a friendly competition or recognition program.

  3. Educate: Share real-world examples to show why security matters.

Need help? Let’s jump on a call and brainstorm how to make security stick:
👉 Book a Free Strategy Session here

Final thoughts

Making security a priority for your devs starts with the right mindset, the right tools, and the right culture. The small, consistent steps you take add up over time.

👉 Follow me on LinkedIn for more tips, tricks, and occasional rants about API security.
 

Talk Soon,
Damilola.

P.S. If you’ve got a secret tip for getting devs to care about security, hit reply and share it. I’ll feature the best tips in a future newsletter. 🚀