Security audits should be preventative. Have them before any significant change in infrastructure is released, and have them periodically as a backup.
I had a cryptography and security class in college (I took the elective), and honestly, we didn’t cover all that much that’s actually relevant to the industry, and everything that was relevant was quickly outdated. That’s not going to be a solution, we need a greater appreciation for security audits.
Security audits should be preventative. Have them before any significant change in infrastructure is released, and have them periodically as a backup.
I had a cryptography and security class in college (I took the elective), and honestly, we didn’t cover all that much that’s actually relevant to the industry, and everything that was relevant was quickly outdated. That’s not going to be a solution, we need a greater appreciation for security audits.