Application Security

8/17/2017
10:00 AM
50%
50%

70% of DevOps Pros Say They Didn't Get Proper Security Training in College

Veracode survey shows majority of DevOps pros mostly learn on the job about security.

Demand for DevOps is rapidly rising throughout corporate America and beyond, but the vast majority of programmers in this field feel their college education failed to provide them with sufficient security training, leaving them to largely learn their most relevant skills on the job.

According to Veracode's 2017 DevSecOps Global Skills Survey, which queried 400 DevOps professionals worldwide, 70% say their college training did not prepare them to be successful in DevSecOps. And given the inadequacy of the security training they received, 65% learned their most relevant skills while on the job, they say.

Additionally, some 80% of survey respondents with a bachelor's or master's degree say they lacked cybersecurity skills prior to entering the workforce.  

"Anecdotally, some of my employees told me they received some security training in college, but it was more like it was an afterthought. There might be a lecture on security here or there, but it was not part of every assignment," says Maria Loughlin, senior vice president of engineering at Veracode. "I think they should make security part of every assignment."

A whopping 85% of survey respondents say they are either somewhat prepared or not at all prepared to securely deliver software at the speed that is usually performed for DevOps, according to the report.

Learn from the industry’s most knowledgeable CISOs and IT security experts in a setting that is conducive to interaction and conversation. Click for more info and to register.

Related Content:

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Connoryk
50%
50%
Connoryk,
User Rank: Apprentice
8/25/2017 | 4:59:05 PM
Re: The flipside
Universerity of Denver, Colorado (School of Business) launched a cyber risk management course three years ago. The course is part of the Risk Management and Insurance program and covers the dark side of the digital era, including risk management techniques applicable as part of entperise wide risk management/cyber risk management frameworks. Not suprisingly, the curriculum is updated every year. Teaching cyber risk management is both a dynamic and challenging effort given the inability to rely on static information (textbooks, models, etc.). Nevertheless, the class is in high demand and the graduates report the class assists in their resume'positioning and post graduate job success.

 
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
8/23/2017 | 8:51:34 PM
Training
This is an issue that has started to get more attention, particularly with business, nonprofit, and public-sector partnerships through organizations like MIT's IC(3). Business and government want to see more cybersecurity coursework offered in colleges because they're currently in the position of having to compete for the talent that's out there and/or invest resources in training people themselves.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
8/18/2017 | 9:12:05 AM
Re: The flipside
This is is something a new career field - not as long as computers in general (anybody remember what a Novell CNE was!!)  I would wager that most security professionals just fell INTO the career from some other field in the computer support industry.  Our job path led us there.
WCLoehr
100%
0%
WCLoehr,
User Rank: Strategist
8/17/2017 | 12:10:33 PM
The flipside
What would be interesting to know some more about is for the small minority that did get security training in college. How was it structured? What it dedicated courses or was the security education woven into other classes? 
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
2019 Attacker Playbook
Ericka Chickowski, Contributing Writer, Dark Reading,  12/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
[Sponsored Content] The State of Encryption and How to Improve It
[Sponsored Content] The State of Encryption and How to Improve It
Encryption and access controls are considered to be the ultimate safeguards to ensure the security and confidentiality of data, which is why they're mandated in so many compliance and regulatory standards. While the cybersecurity market boasts a wide variety of encryption technologies, many data breaches reveal that sensitive and personal data has often been left unencrypted and, therefore, vulnerable.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19790
PUBLISHED: 2018-12-18
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restricti...
CVE-2018-19829
PUBLISHED: 2018-12-18
Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known.
CVE-2018-16884
PUBLISHED: 2018-12-18
A flaw was found in the Linux kernel in the NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel id and cause a use-after-free. Thus a malicious container user can cause a host kernel memory corruption and a system ...
CVE-2018-17777
PUBLISHED: 2018-12-18
An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If the PIN of the page "/ui/cbpc/login" is the default Parental Control PIN (0000), it is possible to bypass the login form by editing the path of the cookie "sid" generated by the page. The attacker will have acc...
CVE-2018-18921
PUBLISHED: 2018-12-18
PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete action.