Application Security

8/17/2017
10:00 AM
50%
50%

70% of DevOps Pros Say They Didn't Get Proper Security Training in College

Veracode survey shows majority of DevOps pros mostly learn on the job about security.

Demand for DevOps is rapidly rising throughout corporate America and beyond, but the vast majority of programmers in this field feel their college education failed to provide them with sufficient security training, leaving them to largely learn their most relevant skills on the job.

According to Veracode's 2017 DevSecOps Global Skills Survey, which queried 400 DevOps professionals worldwide, 70% say their college training did not prepare them to be successful in DevSecOps. And given the inadequacy of the security training they received, 65% learned their most relevant skills while on the job, they say.

Additionally, some 80% of survey respondents with a bachelor's or master's degree say they lacked cybersecurity skills prior to entering the workforce.  

"Anecdotally, some of my employees told me they received some security training in college, but it was more like it was an afterthought. There might be a lecture on security here or there, but it was not part of every assignment," says Maria Loughlin, senior vice president of engineering at Veracode. "I think they should make security part of every assignment."

A whopping 85% of survey respondents say they are either somewhat prepared or not at all prepared to securely deliver software at the speed that is usually performed for DevOps, according to the report.

Learn from the industry’s most knowledgeable CISOs and IT security experts in a setting that is conducive to interaction and conversation. Click for more info and to register.

Related Content:

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Connoryk
50%
50%
Connoryk,
User Rank: Apprentice
8/25/2017 | 4:59:05 PM
Re: The flipside
Universerity of Denver, Colorado (School of Business) launched a cyber risk management course three years ago. The course is part of the Risk Management and Insurance program and covers the dark side of the digital era, including risk management techniques applicable as part of entperise wide risk management/cyber risk management frameworks. Not suprisingly, the curriculum is updated every year. Teaching cyber risk management is both a dynamic and challenging effort given the inability to rely on static information (textbooks, models, etc.). Nevertheless, the class is in high demand and the graduates report the class assists in their resume'positioning and post graduate job success.

 
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
8/23/2017 | 8:51:34 PM
Training
This is an issue that has started to get more attention, particularly with business, nonprofit, and public-sector partnerships through organizations like MIT's IC(3). Business and government want to see more cybersecurity coursework offered in colleges because they're currently in the position of having to compete for the talent that's out there and/or invest resources in training people themselves.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
8/18/2017 | 9:12:05 AM
Re: The flipside
This is is something a new career field - not as long as computers in general (anybody remember what a Novell CNE was!!)  I would wager that most security professionals just fell INTO the career from some other field in the computer support industry.  Our job path led us there.
WCLoehr
100%
0%
WCLoehr,
User Rank: Strategist
8/17/2017 | 12:10:33 PM
The flipside
What would be interesting to know some more about is for the small minority that did get security training in college. How was it structured? What it dedicated courses or was the security education woven into other classes? 
White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/17/2018
Mueller Probe Yields Hacking Indictments for 12 Russian Military Officers
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/13/2018
10 Ways to Protect Protocols That Aren't DNS
Curtis Franklin Jr., Senior Editor at Dark Reading,  7/16/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12959
PUBLISHED: 2018-07-19
The approveAndCall function of a smart contract implementation for Aditus (ADI), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all contract balances into their account).
CVE-2018-14336
PUBLISHED: 2018-07-19
TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses.
CVE-2018-10620
PUBLISHED: 2018-07-19
AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1 a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code t...
CVE-2018-14423
PUBLISHED: 2018-07-19
Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).
CVE-2018-3857
PUBLISHED: 2018-07-19
An exploitable heap overflow exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain...