Lack of Security Training Hinders DevOps Success
Software developers aren't getting security training, impeding the move to DevSecOps, the practice of integrating security into software development and testing.
DevOps Is Critical
65% of the DevOps professionals surveyed believe it is very important to have knowledge of DevOps.
Skills Are Lacking
Nearly 30% said their IT workforce is not prepared to securely deliver software at the speed of DevOps, and just over 50% said they are only somewhat prepared.
Schools Don't Provide Security Training
76% of the respondents, most of whom have computer science or IT-specific degrees, were not required to complete any security courses during higher education.
Employers Provide Inadequate Training
Nearly seven out of 10 developers surveyed complained that their organization provides inadequate training in application security.
On the Job, On Their Own
More than 64% said they're learning their most relevant, valuable professional skills on the job. A mere 3% reported that they learned their most relevant skills in college.
Need for Third-Party Help
About 37% of the tech pros surveyed believe that either classroom or e-learning third-party training would be the best way to bolster their skills, but only 4% have that opportunity.
Some Employers Foot the Bill
Slightly less than 50% of the respondents reported that their employers have paid for additional training since their entry into the workforce.
Tough to Find
Nearly 40% of those surveyed said the hardest employees to find are all-purpose DevOps gurus who have a solid foundation in security testing and fundamentals.
Rare Skills
The two skills that are hardest to find in IT ops talent are vulnerability management and containerization skills.
With large-scale cyber-attacks becoming more frequent, security is more critical than ever, especially in fast-paced DevOps environments. But software developers are not receiving the security training they need, impeding the evolution to DevSecOps, the practice of integrating security into software development and testing. That could have real impact on the productivity of businesses in every industry, as well as on the security and quality of the software that underpins the digital economy.
The "2017 DevSecOps Global Skills Survey" shows that three out of four DevOps professionals were not required to take any security courses to obtain a computer science or other IT-related college degree. As a result, many organizations are having great difficulty finding DevOps experts with adequate knowledge of security testing. Yet enterprises aren't providing that training in the workplace, according to most of the IT professionals surveyed. Not surprisingly, then, nearly one-third of them believe their IT workforce is unprepared to securely deliver software at DevOps speeds, and IT organizations increasingly struggle to fill out their IT teams with the right mix of skills.
"This research highlights that the skills gap is real, and that there are no clear shortcuts to address it," said Maria Loughlin, senior vice president of engineering for Veracode, which commissioned the survey. "The industry will have to come together to address that gap and ensure the safety of the application economy. Organizations should be prepared to teach and supplement security education if necessary, given the ever-changing nature of programming languages and frameworks."
The study, conducted for Veracode by DevOps.com, surveyed nearly 400 DevOps professionals globally, focusing on developers and operations experts, with a smattering of security and QA professionals in the mix.