Preloader spinner

DevOps Institute: DevSecOps Foundation including exam

Diagram showing DevOps process

Course Code: DEVSOF

Duration: 2 days

Course Overview

Integrating security practices into DevOps, such as Security as Code, is a way for security practitioners to operate and contribute value with less friction. Security practices must adapt dynamically to ensure data security and privacy issues are not left behind in the fast-paced world of DevOps.

Target Audience

- Anyone involved or interested in learning about DevSecOps strategies and automation

- Anyone involved in Continuous Delivery toolchain architectures

- Compliance Team

- Delivery Staff

- DevOps Engineers

- IT Managers

- IT Security Professionals, Practitioners, and Managers

- Maintenance and support staff

- Managed Service Providers

- Project & Product Managers

- Quality Assurance Teams

- Release Managers

- Scrum Masters

- Site Reliability Engineers

- Software Engineers

- Testers

Course Content

Cyber Threat Landscape (CTL)

Tactics, techniques and procedures (TTPs) describe how  threat agents orchestrate and manage attacks. Threat Models  optimize security by identifying objectives and vulnerabilities  such as OWASP top ten, before defining counter-measures.  Continuous Delivery practices are engaged to realize continuous governance, risk management and compliance.

Responsive DevSecOps Model

Security is made continuously adaptive and auditable by  breaking security silos, cultivating a symbiotic relationship between security and other business units. Security specific practices and integrated toolsets as code (such as security scans) enable automated security KPIs and observable  security practices into the DevOps value stream.

DevSecOps Stakeholders

Gaps between traditional waterfall security cultures and fast-paced DevOps cultures, are removed by building collaboration and trust. Through improving credibility, reliability and empathy while reducing self-interest. Decisions are based on advice from everyone affected and people with expertise using systems thinking. Shared metrics assure adaptable governance using discipline, with automation, transparency and accountability.

Realizing DevSecOps Outcomes

Security is built into the value stream efficiently with empowered development teams implementing features securely, shift-left security testing, tools for automated feedback. Culture improvements instead of policy enforcements ensure security and software engineers are continuously cross-skilling and collaborating.

Pipelines & Continuous Compliance

Security test and scanning tools are integrated into the CI/CD pipeline to finding known vulnerabilities (published CVEs) and common software weaknesses (CWEs). Repetitive security tasks are automated such as configurations, Fuzz testing and long running security tasks. Compliance as Code helps in automating compliance requirements to foster collaboration, repeatability, and continuous compliance.

DevSecOps Practices

Security is integrated into people, process, technology and governance practices. Continuous security practices for DevSecOps are implemented in onboarding processes for stakeholders. Security practices and outcomes are monitored and improved using data-driven decision making and response patterns. Lean and value stream thinking ensure that security does not cause waste, delays or constraints for flow.

Getting Started

Value Stream Mapping establishes where security activities and bottlenecks currently happen. Collaborative design of a target value state map addresses security requirements, communication and automation improvements. Scope of the design includes practices for Artifact Management, Risk Management, Identity Access Management, Secrets Management, Encryption, Governance, Risk and Compliance, Monitoring and Logging, Incident response and learning.

Learning Using Outcomes

Continuous DevSecOps learning programs are implemented to meet evolving security requirements for the organization and individuals using strategies such as lunch and learns, mentoring, professional education, employee learning plans, structured training classes, Dojos, retrospective learning, gamification, and DevOps Institute SKILup Days.

Course Pre-requisites

None

Test Certification

Exam Details

Questions: 40

Languages: English, Brazilian Portuguese, Chinese

Format: Multiple Choice

Passing Score: 65%

Delivery: Web-based

Duration: 60 minutes

Open Book: Yes

Public Schedule

RRP:  
£1,295 per delegate
Our price:  
£1,230 per delegate

Virtual Private Training

N/A

Onsite Training

N/A

Note

All prices exclude VAT at 20%.

VAT registration number: 450 4347 14

You may also like...

DevOps Institute: DevSecOps Foundation including exam

Enhance your DevSecOps expertise by integrating security into workflows. Learn key practices like security as code and continuous compliance, and prepare for the certification exam.

An icon of a clock
Duration:

2 days

DevOps Institute: DevOps Leader (DOL)® including exam

Lead DevOps transformations with our DevOps Institute DevOps Leader course. Gain expert knowledge, practical skills, and take the exam.

An icon of a clock
Duration:

2 days

DevOps Institute: DevOps Foundation (DOFD)® including exam

Kickstart your DevOps career with the DevOps Institute Foundation course. Learn core DevOps principles, gain practical experience, and take the exam.

An icon of a clock
Duration:

2 days

Enquire about this course

DevOps Institute: DevSecOps Foundation including exam
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Join our mailing list

Receive details on our new courses and special offers

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.