"If you're not being taught how to code securely at a university, how can you expect that a developer at a new company will create secure code?" he says. "That type of code usually ends up in a production system."
Both agree that a good security tester needs a strong sense of curiosity - and assert that actually, children are natural pen-testers.
Steven recalls installing Ubuntu on his laptop: "I always lock my system before I step away from it, and my son crawled behind my system. All of a sudden, I saw him have a window open. What the hell did he do? He managed to find the guest account, and he got in from that! He had no clue what he did.
"You have to have this innate curiosity for things. Most of the other things can be taught, but this curiosity is something you must have."
Source: Computerworld UK
Sign up for CIO Asia eNewsletters.