Today’s formal education shows significant security skills gaps in the IT and developer professional community. According to new research from Veracode and, 76 percent of developers indicated security and secure development education is needed for today’s world of coding, but it’s missing from current curriculums.

By not including security as part of bachelor’s or master’s degree program, or by leaving it out of training on the job, businesses are risking being part of another global cyber attack, according to Veracode, a software security company recently acquired by CA Technologies. The 2017 DevSecOps Global Skills Survey from Veracode, found that 65 percent of DevOps professionals say they are learning the skills they need on the job, and they are not receiving the necessary training through their formal education.

“With major industry breaches further highlighting the need to integrate security into the DevOps process, organizations need to ensure that adequate security training is embedded in their DNA,” said Alan Shimel, editor-in-chief, “As formal education isn’t keeping up with the need for security, organizations need to fill the gap with increased support for education.”

Almost all of the respondents (80 percent) have a bachelor’s or master’s degree, but there is still a lack of cybersecurity knowledge prior to entering the workforce. The survey found that 70 percent of respondents said their security education was not adequate for what their current positions require, and they are actually learning the most relevant information and professional skills on the job.

Additionally, those surveyed said that their IT workforce is only somewhat prepared or not prepared with the skills necessary to deliver secure software at the speed of DevOps. Nearly 40 percent of hiring managers surveyed reported that the hardest employees to find are the DevOps pros with sufficient knowledge of security testing. According to the survey, this poses a significant challenge, since more than 50 percent of organizations said that either the entire organization or some of their teams are currently utilizing DevOps practices.