Skip to main content

DevOps 'suffering from lack of security skills'

(Image credit: Image Credit: Profit_Image / Shutterstock)

New research has revealed that software developers are not receiving the training necessary to be successful at DevOps (opens in new tab) in their current positions. 

According to the 2017 DevSecOps Global Skills Survey (opens in new tab) sponsored by Veracode and, 65 per cent of DevOps professionals believe that knowledge of DevOps is essential when starting a career in IT.  However 70 per cent believe that they did not receive the necessary training through formal education to be successful in today's DevSecOps world which integrates security into the development and testing of software. 

Despite the fact that nearly 80 per cent of those who responded to the survey hold either a bachelor or master's degree in computer science, there is still an overwhelming lack of cybersecurity knowledge prior to entering the workforce.  A large majority of those surveyed (70 per cent) said that the security education they received did not fully prepare them for what their positions require. 

Alan Shimel, the editor-in-chief at stressed the need for organisations to fill in the missing gaps in their employees cybersecurity knowledge, saying: 

“With major industry breaches further highlighting the need to integrate security into the DevOps process, organisations need to ensure that adequate security training is embedded in their DNA.  As formal education isn’t keeping up with the need for security, organisations need to fill the gap with increased support for education.” 

The survey also revealed that slightly less than half of respondents said their employers paid for additional training since they joined the workforce and almost seven out of 10 developers reported that organisations provided them with security training that was inadequate. 

Veracode's VP of engineering, Maria Loughlin noted that the recent surge in ransomware attacks is a prime example of why increased cybersecurity training is required, saying: 

“WannaCry and Petya are just two recent examples of large-scale cyberattacks that further demonstrate the importance of security in today’s exceedingly digital world. Despite this apparent need, security practices and secure software development isn’t required to earn a degree in IT or computer science.”   

“Our research with highlights the fact that there are no clear shortcuts to address the skills gap. Higher education and enterprises need to have a more mature expectation around what colleges should teach and where organisations need to supplement education given the ever-changing nature of programming languages and frameworks. The industry will have to come together to ensure the safety of the application economy.”   

The 2017 DevSecOps Global Skills Survey was commissioned by Veracode and conducted by with almost 400 DevOps professionals participating worldwide. 

Image Credit: Profit_Image / Shutterstock

After getting his start at ITProPortal and then working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches to how to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.