Gary Varga (7/30/2014)

---

There simply isn't enough education on security.

I have two decades of commercial experience programming. I have read books, watched online presentations, read whitepapers, read technical articles and gone on training courses. All this on top of a computing MSc done after 6 years in education solely on computing. (This is to highlight how bad the situation is, not to brag :-)). And yet I do not know enough about security.

Security must become a first term (semester) subject at each level of education. For each company, it must be a requisite for each new IT employee to have done this in education or have to complete a course. It must be mandatory¹ for IT staff remain up to date somehow.

¹I am not stipulating how it is mandatory. This could be achieved by government regulation, accreditation (e.g. ISO), company policy or individually (e.g. IEEE or BCS membership etc).