Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

70% of DevOps Pros Say They Didn't Get Proper Security Training in College

Veracode survey shows majority of DevOps pros mostly learn on the job about security.

Demand for DevOps is rapidly rising throughout corporate America and beyond, but the vast majority of programmers in this field feel their college education failed to provide them with sufficient security training, leaving them to largely learn their most relevant skills on the job.

According to Veracode's 2017 DevSecOps Global Skills Survey, which queried 400 DevOps professionals worldwide, 70% say their college training did not prepare them to be successful in DevSecOps. And given the inadequacy of the security training they received, 65% learned their most relevant skills while on the job, they say.

Additionally, some 80% of survey respondents with a bachelor's or master's degree say they lacked cybersecurity skills prior to entering the workforce.  

"Anecdotally, some of my employees told me they received some security training in college, but it was more like it was an afterthought. There might be a lecture on security here or there, but it was not part of every assignment," says Maria Loughlin, senior vice president of engineering at Veracode. "I think they should make security part of every assignment."

A whopping 85% of survey respondents say they are either somewhat prepared or not at all prepared to securely deliver software at the speed that is usually performed for DevOps, according to the report.

Learn from the industry’s most knowledgeable CISOs and IT security experts in a setting that is conducive to interaction and conversation. Click for more info and to register.

Related Content:

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Connoryk
50%
50%
Connoryk,
User Rank: Apprentice
8/25/2017 | 4:59:05 PM
Re: The flipside
Universerity of Denver, Colorado (School of Business) launched a cyber risk management course three years ago. The course is part of the Risk Management and Insurance program and covers the dark side of the digital era, including risk management techniques applicable as part of entperise wide risk management/cyber risk management frameworks. Not suprisingly, the curriculum is updated every year. Teaching cyber risk management is both a dynamic and challenging effort given the inability to rely on static information (textbooks, models, etc.). Nevertheless, the class is in high demand and the graduates report the class assists in their resume'positioning and post graduate job success.

 
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
8/23/2017 | 8:51:34 PM
Training
This is an issue that has started to get more attention, particularly with business, nonprofit, and public-sector partnerships through organizations like MIT's IC(3). Business and government want to see more cybersecurity coursework offered in colleges because they're currently in the position of having to compete for the talent that's out there and/or invest resources in training people themselves.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
8/18/2017 | 9:12:05 AM
Re: The flipside
This is is something a new career field - not as long as computers in general (anybody remember what a Novell CNE was!!)  I would wager that most security professionals just fell INTO the career from some other field in the computer support industry.  Our job path led us there.
WCLoehr
100%
0%
WCLoehr,
User Rank: Strategist
8/17/2017 | 12:10:33 PM
The flipside
What would be interesting to know some more about is for the small minority that did get security training in college. How was it structured? What it dedicated courses or was the security education woven into other classes? 
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19594
PUBLISHED: 2019-12-05
reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adobe Stock API Integration for PrestaShop 1.6 and 1.7 allows remote attackers to execute arbitrary code by uploading a .php file.
CVE-2019-19595
PUBLISHED: 2019-12-05
reset/modules/advanced_form_maker_edit/multiupload/upload.php in the RESET.PRO Adobe Stock API integration 4.8 for PrestaShop allows remote attackers to execute arbitrary code by uploading a .php file.
CVE-2019-3690
PUBLISHED: 2019-12-05
The chkstat tool in the permissions package followed symlinks before commit a9e1d26cd49ef9ee0c2060c859321128a6dd4230 (please also check the additional hardenings after this fix). This allowed local attackers with control over a path that is traversed by chkstat to escalate privileges.
CVE-2013-0243
PUBLISHED: 2019-12-05
haskell-tls-extra before 0.6.1 has Basic Constraints attribute vulnerability may lead to Man in the Middle attacks on TLS connections
CVE-2018-10021
PUBLISHED: 2019-12-05
Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificate c...