Training Tips for Secure DevOps

Maria Loughlin

As VP of Engineering, Maria manages the development teams for CA Veracode’s cloud-based platform and Web Application Security products. She is known for her high energy, optimism, and pragmatism, and can always be counted upon to call out the elephant in the room.

Lay a Broad Foundation.

In a DevOps environment, software developers must be proactive about building security into their applications. Conventionally, developers receive very little education or training in application security. So, your organization needs to provide devs with a firm grounding in key security concepts like authentication, authorization, data protection and session management. In addition devs need to be aware of best practices for embedding security in their SDLC and automating in their CI/CD pipeline.

Focus on What’s Most Relevant.

Once a working knowledge of the basics has been achieved, developers should take a deep dive into aspects of application security that are most relevant to their work. Therefore, your next round of training sessions should be assigned according to role and should focus on the specific technologies devs will need in order to integrate security into their daily work.

Keep Learning on the Job.

Security is a never-ending process and new threats emerge all the time. Furthermore, studies show that most people almost immediately forget much of what they learn in training. Therefore, your developers’ newfound security expertise should be kept front-of-mind and up-to-date with regular secure code reviews, feedback, mentoring and learning. Integration and automation of security processes—design, development, analysis, response—in the standard workflows ensures that security remains top of mind.

By Maria Loughlin | 23 May 2018

Make security a competitive advantage.

We’ll show you how to give users better, safer experiences.

See how >

Subscribe to The Blueprint

Share the wealth and suggest a friend to subscribe to The Blueprint:

At CA, your time and privacy are just as important to us as they are to you. We use the information you provide to us under our legitimate interests to make sure you hear about topics of interest to you. If we got it wrong you can update your preferences by clicking here. If you'd like to know more about how we use your personal information, you can read our privacy statement here.

Please fill out all required fields

You are now subscribed to The Blueprint.