What I’m finding, though, when working with infosec teams around the globe, is that there’s a bit of apathy toward coding skills. Well, you heard it here, folks:

90% of your security problems are related to bad code, somewhere down the line.

And being a paranoid type, and a bit of a worrier about THINGS, I fear we’re losing some Kung Fu. What does the next generation of security folks look like? From what I can see, they’re even LESS inclined to code. This, in my opinion, is a problem.

If you're in appsec it doesn't fly now. It doesn't mean you have to be a full, real-deal developer, but you need to not be afraid of it, and you need the builder's mindset.