DevOps Institute: DevSecOps Foundation including exam
Course Schedule
Course Code: DEVSOF
Duration: 2 days
Course Overview
Integrating security practices into DevOps, such as Security as Code, is a way for security practitioners to operate and contribute value with less friction. Security practices must adapt dynamically to ensure data security and privacy issues are not left behind in the fast-paced world of DevOps.
Target Audience
- Anyone involved or interested in learning about DevSecOps strategies and automation
- Anyone involved in Continuous Delivery toolchain architectures
- Compliance Team
- Delivery Staff
- DevOps Engineers
- IT Managers
- IT Security Professionals, Practitioners, and Managers
- Maintenance and support staff
- Managed Service Providers
- Project & Product Managers
- Quality Assurance Teams
- Release Managers
- Scrum Masters
- Site Reliability Engineers
- Software Engineers
- Testers
Course Content
Cyber Threat Landscape (CTL)
Tactics, techniques and procedures (TTPs) describe how threat agents orchestrate and manage attacks. Threat Models optimize security by identifying objectives and vulnerabilities such as OWASP top ten, before defining counter-measures. Continuous Delivery practices are engaged to realize continuous governance, risk management and compliance.
Responsive DevSecOps Model
Security is made continuously adaptive and auditable by breaking security silos, cultivating a symbiotic relationship between security and other business units. Security specific practices and integrated toolsets as code (such as security scans) enable automated security KPIs and observable security practices into the DevOps value stream.
DevSecOps Stakeholders
Gaps between traditional waterfall security cultures and fast-paced DevOps cultures, are removed by building collaboration and trust. Through improving credibility, reliability and empathy while reducing self-interest. Decisions are based on advice from everyone affected and people with expertise using systems thinking. Shared metrics assure adaptable governance using discipline, with automation, transparency and accountability.
Realizing DevSecOps Outcomes
Security is built into the value stream efficiently with empowered development teams implementing features securely, shift-left security testing, tools for automated feedback. Culture improvements instead of policy enforcements ensure security and software engineers are continuously cross-skilling and collaborating.
Pipelines & Continuous Compliance
Security test and scanning tools are integrated into the CI/CD pipeline to finding known vulnerabilities (published CVEs) and common software weaknesses (CWEs). Repetitive security tasks are automated such as configurations, Fuzz testing and long running security tasks. Compliance as Code helps in automating compliance requirements to foster collaboration, repeatability, and continuous compliance.
DevSecOps Practices
Security is integrated into people, process, technology and governance practices. Continuous security practices for DevSecOps are implemented in onboarding processes for stakeholders. Security practices and outcomes are monitored and improved using data-driven decision making and response patterns. Lean and value stream thinking ensure that security does not cause waste, delays or constraints for flow.
Getting Started
Value Stream Mapping establishes where security activities and bottlenecks currently happen. Collaborative design of a target value state map addresses security requirements, communication and automation improvements. Scope of the design includes practices for Artifact Management, Risk Management, Identity Access Management, Secrets Management, Encryption, Governance, Risk and Compliance, Monitoring and Logging, Incident response and learning.
Learning Using Outcomes
Continuous DevSecOps learning programs are implemented to meet evolving security requirements for the organization and individuals using strategies such as lunch and learns, mentoring, professional education, employee learning plans, structured training classes, Dojos, retrospective learning, gamification, and DevOps Institute SKILup Days.
Course Pre-requisites
None
Test Certification
Exam Details
Questions: 40
Languages: English, Brazilian Portuguese, Chinese
Format: Multiple Choice
Passing Score: 65%
Delivery: Web-based
Duration: 60 minutes
Open Book: Yes
Public Schedule
Virtual Private Training
N/A
Onsite Training
N/A
Note
All prices exclude VAT at 20%.
VAT registration number: 450 4347 14
You may also like...
Enhance your DevSecOps expertise by integrating security into workflows. Learn key practices like security as code and continuous compliance, and prepare for the certification exam.
2 days
Lead DevOps transformations with our DevOps Institute DevOps Leader course. Gain expert knowledge, practical skills, and take the exam.
2 days
Kickstart your DevOps career with the DevOps Institute Foundation course. Learn core DevOps principles, gain practical experience, and take the exam.
2 days