[{"data":1,"prerenderedAt":492},["ShallowReactive",2],{"/en-us/the-source/security/the-future-of-devops-education-needs-to-include-security":3,"footer-en-us":32,"the-source-banner-en-us":366,"the-source-navigation-en-us":372,"article-site-categories-en-us":395,"the-source-newsletter-en-us":397,"the-future-of-devops-education-needs-to-include-security-the-source-source-cta-en-us":6,"the-future-of-devops-education-needs-to-include-security-article-hero-category-en-us":404,"the-future-of-devops-education-needs-to-include-security-category-en-us":430,"the-future-of-devops-education-needs-to-include-security-article-hero-author-en-us":443,"the-future-of-devops-education-needs-to-include-security-the-source-resources-en-us":463},{"id":4,"title":5,"body":6,"category":7,"config":8,"content":13,"description":6,"extension":23,"meta":24,"navigation":25,"path":26,"seo":27,"slug":28,"stem":29,"type":30,"__hash__":31},"theSource/en-us/the-source/security/the-future-of-devops-education-needs-to-include-security.yml","The Future Of Devops Education Needs To Include Security",null,"security",{"layout":9,"template":10,"author":11,"featured":12},"the-source","TheSourceArticle","gitlab",false,{"title":14,"description":15,"timeToRead":16,"heroImage":17,"keyTakeaways":18,"articleBody":22},"The future of DevOps education needs to include security","Learn how educators and students can prepare for the world of DevSecOps.","5 min read","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751464659/e7y3ejbiaouubnc55l40.png",[19,20,21],"DevSecOps integrates security in DevOps, ensuring safer software and timely vulnerability detection.","Educators should focus on security principles, using platforms like GitLab to teach secure coding.","Students can join open-source projects or campus groups to gain DevSecOps skills and insights.","[DevSecOps](https://about.gitlab.com/topics/devsecops/) is the inclusion of security as an integral part of traditional DevOps development, a strategy known as [shifting left](https://about.gitlab.com/topics/ci-cd/shift-left-devops/). With DevSecOps, myriad security scans, including dynamic application security testing and static application security testing, and other security tasks are performed during the development process rather than waiting until later in the cycle. DevSecOps enables organizations to identify and mitigate vulnerabilities early to ensure safer software and avoid delivery delays.\n\nAs DevOps teams across industries evolve into DevSecOps teams, higher education should respond in kind to ensure students likely to enter tech careers [have the skills necessary to be competitive](https://about.gitlab.com/blog/whats-next-for-devsecops/). In GitLab’s [2022 Global DevSecOps survey](/developer-survey/#download),  53% of respondents said security is everyone’s responsibility. Yet, many college computer science programs don’t [include security-related courses in their core requirements](https://www.appsecengineer.com/blog/developer-security-at-universities).\n\nEvery company that develops software – even for internal use only - must be proficient in security to protect their applications. Here is what educators and students need to know about melding security into their DevOps curricula to prepare their students for the world of DevSecOps.\n\n## How educators can teach DevSecOps\n\n\"Security education is not about finding specific issues, but about teaching the right mindset,\" said Gábor Pék, co-founder of security education company Avatao, in [TechBeacon](https://techbeacon.com/security/5-ways-better-educate-developers-application-security).\n\nThere are a variety of tools and techniques for security, but students don’t need to know all of them; it’s more important – and more valuable – to focus on the principles of security. Also, as an educator, you can use [a single platform](https://about.gitlab.com/blog/why-the-market-is-moving-to-a-platform-approach-to-devsecops/) to streamline teaching students about how to write secure code.\n\nWith a DevSecOps platform like GitLab, students can explore how to protect the software development lifecycle using [built-in security tools](https://about.gitlab.com/stages-devops-lifecycle/secure/). [GitLab’s docs](https://docs.gitlab.com/ee/user/application_security/) on securing your application are a great place to start learning about how GitLab approaches DevSecOps and will give students the base knowledge and skills to build upon as they continue to learn in their careers.\n\n### Resources for Educators\n- [An Open Source Security Foundation course](https://openssf.org/training/courses/) on writing Secure Programming that you can use to supplement your own courses\n- [Best Practices for Secure Development](https://github.com/ossf/wg-best-practices-os-developers/blob/main/docs/Concise-Guide-for-Developing-More-Secure-Software.md#readme)\n- [Understanding security vulnerabilities in student code: A case study in a non-security course](https://www.sciencedirect.com/science/article/abs/pii/S0164121221002430)\n- Bring the DevSecOps platform into your classroom with [GitLab for Education’s free license](https://about.gitlab.com/solutions/education/)\n\n## How students can learn DevSecOps\n\nIf a university isn’t offering direct instruction on security, students can still acquire the skills they need to succeed at a career in DevSecOps. Just knowing the term DevSecOps and understanding how it is changing software development can put a student ahead of the curve. Here are some more options for learning:\n\n### Participate in a security-focused open source project\n\nParticipating in security-focused open source projects is another excellent way to broaden your understanding of the role security plays in modern application development. Many security-focused open source projects call GitLab home, and just by using them, you become part of the communities developing and improving them.\n\nYou might consider tinkering with a single application – like popular disk encryption mainstay [cryptsetup](https://gitlab.com/cryptsetup) – or dive deeper into open source security by downloading, installing, and experimenting with [Kali Linux](https://gitlab.com/kalilinux), a Linux distribution built for security-minded engineers.\n\nNo matter what you choose, be sure to investigate how those communities incorporate security concerns and best practices into their programming. You could even start the conversation by creating an issue in their projects.\n\n### Find security-driven organizations\n\nLook into organizations like [OpenSSF](https://openssf.org/). OpenSSF seeks to inform and educate developers everywhere about the importance of secure software in the open source world. It’s an important enough consideration that OpenSSF is designated as a Linux foundation project. OpenSSF has several ways to not only learn, but get directly involved in projects that will sharpen skills and create networking opportunities outside of your classroom.\n\n## Start a security-focused campus group\n\nMany campuses have security-focused groups, and you don’t have to be a cybersecurity student to join. Odalis Estrada from Cal Polytechnic Pomona is a member of Forensics and Security Technology, a.k.a. FAST, a student chapter of the High Technology Crime Investigation Association. Estrada says that her club is a mix of computer science students and cybersecurity students. She says, “There are attacks and vulnerabilities evolving constantly…” and that the club has helped its members “understand old and new attacks.”\n\nIf there isn’t a security-focused campus group, consider starting one to explore the importance of security in computer science. It’s a great way to learn more about modern secure software development.\n\nLearning about security doesn’t just benefit developers. “If developers write more secure code, then security teams will have more time to concentrate on other issues,” Estrada said, adding this creates safer software development.","yml",{},true,"/en-us/the-source/security/the-future-of-devops-education-needs-to-include-security",{"title":14,"description":15,"ogImage":17},"the-future-of-devops-education-needs-to-include-security","en-us/the-source/security/the-future-of-devops-education-needs-to-include-security","article","YR0orzi31TZEozrQYrH-mTrRUTSDybi2uL0Fe4E3v7w",{"data":33},{"text":34,"source":35,"edit":41,"contribute":46,"config":51,"items":56,"minimal":355},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":36,"config":37},"View page source",{"href":38,"dataGaName":39,"dataGaLocation":40},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":42,"config":43},"Edit this page",{"href":44,"dataGaName":45,"dataGaLocation":40},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":47,"config":48},"Please contribute",{"href":49,"dataGaName":50,"dataGaLocation":40},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":52,"facebook":53,"youtube":54,"linkedin":55},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[57,114,171,230,293],{"title":58,"links":59,"subMenu":75},"Pricing",[60,65,70],{"text":61,"config":62},"View plans",{"href":63,"dataGaName":64,"dataGaLocation":40},"/pricing/","view plans",{"text":66,"config":67},"Why Premium?",{"href":68,"dataGaName":69,"dataGaLocation":40},"/pricing/premium/","why premium",{"text":71,"config":72},"Why Ultimate?",{"href":73,"dataGaName":74,"dataGaLocation":40},"/pricing/ultimate/","why ultimate",[76],{"title":77,"links":78},"Contact Us",[79,84,89,94,99,104,109],{"text":80,"config":81},"Contact sales",{"href":82,"dataGaName":83,"dataGaLocation":40},"/sales/","sales",{"text":85,"config":86},"Support portal",{"href":87,"dataGaName":88,"dataGaLocation":40},"https://support.gitlab.com","support portal",{"text":90,"config":91},"Customer portal",{"href":92,"dataGaName":93,"dataGaLocation":40},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"text":95,"config":96},"Status",{"href":97,"dataGaName":98,"dataGaLocation":40},"https://status.gitlab.com/","status",{"text":100,"config":101},"Terms of use",{"href":102,"dataGaName":103,"dataGaLocation":40},"/terms/","terms of use",{"text":105,"config":106},"Privacy statement",{"href":107,"dataGaName":108,"dataGaLocation":40},"/privacy/","privacy statement",{"text":110,"config":111},"Cookie preferences",{"dataGaName":112,"dataGaLocation":40,"id":113,"isOneTrustButton":25},"cookie preferences","ot-sdk-btn",{"title":115,"links":116,"subMenu":127},"Product",[117,122],{"text":118,"config":119},"DevSecOps platform",{"href":120,"dataGaName":121,"dataGaLocation":40},"/platform/","devsecops platform",{"text":123,"config":124},"AI-Assisted Development",{"href":125,"dataGaName":126,"dataGaLocation":40},"/gitlab-duo/","ai-assisted development",[128],{"title":129,"links":130},"Topics",[131,136,141,146,151,156,161,166],{"text":132,"config":133},"CICD",{"href":134,"dataGaName":135,"dataGaLocation":40},"/topics/ci-cd/","cicd",{"text":137,"config":138},"GitOps",{"href":139,"dataGaName":140,"dataGaLocation":40},"/topics/gitops/","gitops",{"text":142,"config":143},"DevOps",{"href":144,"dataGaName":145,"dataGaLocation":40},"/topics/devops/","devops",{"text":147,"config":148},"Version Control",{"href":149,"dataGaName":150,"dataGaLocation":40},"/topics/version-control/","version control",{"text":152,"config":153},"DevSecOps",{"href":154,"dataGaName":155,"dataGaLocation":40},"/topics/devsecops/","devsecops",{"text":157,"config":158},"Cloud Native",{"href":159,"dataGaName":160,"dataGaLocation":40},"/topics/cloud-native/","cloud native",{"text":162,"config":163},"AI for Coding",{"href":164,"dataGaName":165,"dataGaLocation":40},"/topics/devops/ai-for-coding/","ai for coding",{"text":167,"config":168},"Agentic AI",{"href":169,"dataGaName":170,"dataGaLocation":40},"/topics/agentic-ai/","agentic ai",{"title":172,"links":173},"Solutions",[174,178,183,188,193,197,202,205,210,215,220,225],{"text":175,"config":176},"Application Security Testing",{"href":177,"dataGaName":175,"dataGaLocation":40},"/solutions/application-security-testing/",{"text":179,"config":180},"Automated software delivery",{"href":181,"dataGaName":182,"dataGaLocation":40},"/solutions/delivery-automation/","automated software delivery",{"text":184,"config":185},"Agile development",{"href":186,"dataGaName":187,"dataGaLocation":40},"/solutions/agile-delivery/","agile delivery",{"text":189,"config":190},"SCM",{"href":191,"dataGaName":192,"dataGaLocation":40},"/solutions/source-code-management/","source code management",{"text":132,"config":194},{"href":195,"dataGaName":196,"dataGaLocation":40},"/solutions/continuous-integration/","continuous integration & delivery",{"text":198,"config":199},"Value stream management",{"href":200,"dataGaName":201,"dataGaLocation":40},"/solutions/value-stream-management/","value stream management",{"text":137,"config":203},{"href":204,"dataGaName":140,"dataGaLocation":40},"/solutions/gitops/",{"text":206,"config":207},"Enterprise",{"href":208,"dataGaName":209,"dataGaLocation":40},"/enterprise/","enterprise",{"text":211,"config":212},"Small business",{"href":213,"dataGaName":214,"dataGaLocation":40},"/small-business/","small business",{"text":216,"config":217},"Public sector",{"href":218,"dataGaName":219,"dataGaLocation":40},"/solutions/public-sector/","public sector",{"text":221,"config":222},"Education",{"href":223,"dataGaName":224,"dataGaLocation":40},"/solutions/education/","education",{"text":226,"config":227},"Financial services",{"href":228,"dataGaName":229,"dataGaLocation":40},"/solutions/finance/","financial services",{"title":231,"links":232},"Resources",[233,238,243,248,253,258,263,268,273,278,283,288],{"text":234,"config":235},"Install",{"href":236,"dataGaName":237,"dataGaLocation":40},"/install/","install",{"text":239,"config":240},"Quick start guides",{"href":241,"dataGaName":242,"dataGaLocation":40},"/get-started/","quick setup checklists",{"text":244,"config":245},"Learn",{"href":246,"dataGaName":247,"dataGaLocation":40},"https://university.gitlab.com/","learn",{"text":249,"config":250},"Product documentation",{"href":251,"dataGaName":252,"dataGaLocation":40},"https://docs.gitlab.com/","docs",{"text":254,"config":255},"Blog",{"href":256,"dataGaName":257,"dataGaLocation":40},"/blog/","blog",{"text":259,"config":260},"Customer success stories",{"href":261,"dataGaName":262,"dataGaLocation":40},"/customers/","customer success stories",{"text":264,"config":265},"Remote",{"href":266,"dataGaName":267,"dataGaLocation":40},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"text":269,"config":270},"GitLab Services",{"href":271,"dataGaName":272,"dataGaLocation":40},"/services/","services",{"text":274,"config":275},"Community",{"href":276,"dataGaName":277,"dataGaLocation":40},"/community/","community",{"text":279,"config":280},"Forum",{"href":281,"dataGaName":282,"dataGaLocation":40},"https://forum.gitlab.com/","forum",{"text":284,"config":285},"Events",{"href":286,"dataGaName":287,"dataGaLocation":40},"/events/","events",{"text":289,"config":290},"Partners",{"href":291,"dataGaName":292,"dataGaLocation":40},"/partners/","partners",{"title":294,"links":295},"Company",[296,301,306,311,316,321,326,330,335,340,345,350],{"text":297,"config":298},"About",{"href":299,"dataGaName":300,"dataGaLocation":40},"/company/","company",{"text":302,"config":303},"Jobs",{"href":304,"dataGaName":305,"dataGaLocation":40},"/jobs/","jobs",{"text":307,"config":308},"Leadership",{"href":309,"dataGaName":310,"dataGaLocation":40},"/company/team/e-group/","leadership",{"text":312,"config":313},"Team",{"href":314,"dataGaName":315,"dataGaLocation":40},"/company/team/","team",{"text":317,"config":318},"Handbook",{"href":319,"dataGaName":320,"dataGaLocation":40},"https://handbook.gitlab.com/","handbook",{"text":322,"config":323},"Investor relations",{"href":324,"dataGaName":325,"dataGaLocation":40},"https://ir.gitlab.com/","investor relations",{"text":327,"config":328},"Sustainability",{"href":329,"dataGaName":327,"dataGaLocation":40},"/sustainability/",{"text":331,"config":332},"Diversity, inclusion and belonging (DIB)",{"href":333,"dataGaName":334,"dataGaLocation":40},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":336,"config":337},"Trust Center",{"href":338,"dataGaName":339,"dataGaLocation":40},"/security/","trust center",{"text":341,"config":342},"Newsletter",{"href":343,"dataGaName":344,"dataGaLocation":40},"/company/contact/#contact-forms","newsletter",{"text":346,"config":347},"Press",{"href":348,"dataGaName":349,"dataGaLocation":40},"/press/","press",{"text":351,"config":352},"Modern Slavery Transparency Statement",{"href":353,"dataGaName":354,"dataGaLocation":40},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":356},[357,360,363],{"text":358,"config":359},"Terms",{"href":102,"dataGaName":103,"dataGaLocation":40},{"text":361,"config":362},"Cookies",{"dataGaName":112,"dataGaLocation":40,"id":113,"isOneTrustButton":25},{"text":364,"config":365},"Privacy",{"href":107,"dataGaName":108,"dataGaLocation":40},{"visibility":25,"title":367,"button":368},"The Intelligent Software Development Era: How AI is reshaping DevSecOps teams",{"config":369,"text":371},{"href":370},"/developer-survey/","Get the research report",{"logo":373,"subscribeLink":378,"navItems":382},{"altText":374,"config":375},"the source logo",{"src":376,"href":377},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1750191004/t7wz1klfb2kxkezksv9t.svg","/the-source/",{"text":379,"config":380},"Subscribe",{"href":381},"#subscribe",[383,387,391],{"text":384,"config":385},"Artificial Intelligence",{"href":386},"/the-source/ai/",{"text":388,"config":389},"Security & Compliance",{"href":390},"/the-source/security/",{"text":392,"config":393},"Platform & Infrastructure",{"href":394},"/the-source/platform/",{"categoryNames":396},{"ai":384,"platform":392,"security":388},{"title":398,"description":399,"submitMessage":400,"formData":401},"The Source Newsletter","Stay updated with insights for the future of software development.","You have successfully signed up for The Source’s newsletter.",{"config":402},{"formId":403,"formName":344,"hideRequiredLabel":25},1077,{"id":405,"title":406,"body":6,"category":6,"config":407,"content":408,"description":6,"extension":23,"meta":424,"navigation":25,"path":425,"seo":426,"slug":7,"stem":427,"testContent":6,"type":428,"__hash__":429},"pages/en-us/the-source/security/index.yml","",{"layout":9},[409,416],{"componentName":410,"type":410,"componentContent":411},"TheSourceCategoryHero",{"title":388,"description":412,"image":413},"Get up to speed on how organizations can ensure they're staying on top of evolving security threats and compliance requirements.",{"config":414},{"src":415},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463273/aplkxrvwpii26xao5yhi.png",{"componentName":417,"type":417,"componentContent":418},"TheSourceCategoryMainSection",{"config":419},{"sourceCTAs":420},[421,422,423],"source-lp-guide-to-dynamic-sboms","source-lp-devsecops-the-key-to-modern-security-resilience","application-security-in-the-digital-age",{},"/en-us/the-source/security",{"title":388,"description":412,"ogImage":415},"en-us/the-source/security/index","category","Yz-XSZ2w3Zg4r2_4aWlzq2kmfduukECmMNfXD6Ha26w",{"id":405,"title":406,"body":6,"category":6,"config":431,"content":432,"description":6,"extension":23,"meta":441,"navigation":25,"path":425,"seo":442,"slug":7,"stem":427,"testContent":6,"type":428,"__hash__":429},{"layout":9},[433,437],{"componentName":410,"type":410,"componentContent":434},{"title":388,"description":412,"image":435},{"config":436},{"src":415},{"componentName":417,"type":417,"componentContent":438},{"config":439},{"sourceCTAs":440},[421,422,423],{},{"title":388,"description":412,"ogImage":415},{"id":444,"title":445,"body":6,"category":6,"config":446,"content":447,"description":6,"extension":23,"meta":457,"navigation":25,"path":458,"seo":459,"slug":11,"stem":460,"testContent":6,"type":461,"__hash__":462},"theSourceAuthors/en-us/the-source/authors/gitlab.yml","Gitlab",{"layout":9},[448,455],{"componentName":449,"type":449,"componentContent":450},"TheSourceAuthorHero",{"name":451,"headshot":452},"GitLab",{"altText":451,"config":453},{"src":454},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463461/ts7io0hgpdyqylbzfire.png",{"componentName":456,"type":456},"TheSourceArticlesList",{},"/en-us/the-source/authors/gitlab",{"title":451},"en-us/the-source/authors/gitlab","author","PRj0sukZYyfz4kDVxOZQ0dNTWqLAGDqHl66chHWQE_o",[464,474,483],{"config":465,"title":466,"description":467,"link":468},{"slug":423},"Application security in the digital age","Read our survey findings from more than 5,000 DevSecOps professionals worldwide for insights on how organizations are grappling with increasing attack surfaces and changing attitudes towards security and AI.",{"text":469,"config":470},"Read the report",{"href":471,"dataGaName":472,"dataGaLocation":473},"/developer-survey/2024/security-compliance/","Application Security in the Digital Age","thesource",{"config":475,"title":476,"description":477,"link":478},{"slug":422},"DevSecOps: The key to modern security resilience","Learn how embedding security in development can slash incident response time by 720x and save millions in security costs annually.",{"text":479,"config":480},"Download the guide",{"href":481,"dataGaName":482,"dataGaLocation":473},"/the-source/security/devsecops-the-key-to-modern-security-resilience/","DevSecOps the key to modern security resilience",{"config":484,"title":485,"description":486,"link":487},{"slug":421},"Guide to dynamic SBOMs: An integral element of modern software development","Learn how to gain visibility into previously unidentified organizational risks with a software bill of materials (SBOM).",{"text":488,"config":489},"Read the guide",{"href":490,"dataGaName":491,"dataGaLocation":473},"/the-source/security/guide-to-dynamic-sboms/","Guide to Dynamic SBOMs",1772652092010]