Introduction

Learn the purpose, benefits, concepts, and vocabulary of DevSecOps including DevOps security strategies and business benefits.

Course Duration :

2 Days Instructor-Led Classroom Training

Synopsis

Outline

Objectives

Audience

Certification & Exam Info

Prerequisites

Synopsis

This comprehensive course addresses testing in a DevOps environment and covers concepts such as the active use of test automation, testing earlier in the development cycle, and instilling testing skills in developers, quality assurance, security, and operational teams.

The course is relevant for every modern IT professional involved in defining or deploying a DevOps testing strategy for their organization, as test engineering is the backbone of DevOps and the primary key for successful DevOps pipeline to support digital transformation.

Actionable and exciting exercises will be used to apply the concepts covered in the course and sample documents, templates, tools, and techniques will be provided to leverage after the class.

Outline

Why DevSecOps?

Key Terms and Concepts
3 Ways to Think About DevOps+Security
Key Principles of DevSecOps

Culture and Management

Key Terms and Concepts
Incentive Model
Resilience
Organizational Culture
Generativity

Strategic Considerations

How Much Security is Enough?
Threat Modeling
Context is Everything
Risk Management in a High-velocity World

General Security Considerations

Avoiding the Checkbox Trap
Basic Security Hygiene
Architectural Considerations
Federated Identity
Log Management

IAM: Identity & Access Management

IAM Basic Concepts
Why IAM is Important
Implementation Guidance
Automation Opportunities
How to Hurt Yourself with IAM

Application Security

Application Security Testing (AST)
Testing Techniques
Prioritizing Testing Techniques
Issue Management Integration
Threat Modeling
Leveraging Automation

Operational Security

Basic Security Hygiene Practices
Role of Operations Management
The Ops Environment

Governance, Risk, Compliance (GRC) and Audit

What is and why care about GRC?
Rethinking Policies
Policy as Code
Shifting Audit Left
3 Myths of Segregation of Duties vs. DevOps

Logging, Monitoring, and Response

Setting Up Log Management
Incident Response and Forensics
Threat Intelligence and Information Sharing

Objectives

On completion of this course, the following learning outcomes will be achieved:

The purpose, benefits, concepts, and vocabulary of DevSecOps
How DevOps security practices differ from other security approaches
Business-driven security strategies
Understanding and applying data and security sciences
The use and benefits of Red and Blue Teams
Integrating security into Continuous Delivery workflows
How DevSecOps roles fit with a DevOps culture and organization

Audience

The target audience for this course are professionals involved in DevSecOps, such as:

Anyone involved or interested in learning about DevSecOps strategies and automation
Anyone involved in Continuous Delivery toolchain architectures
Compliance Team
Delivery Staff
DevOps Engineers
Business Managers
IT Security Professionals, Practitioners and Managers
Maintenance and support staff
Managed Service Providers
Project & Product Managers
Quality Assurance Teams
Release Managers
Scrum Masters
Site Reliability Engineers
Software Engineers
Testers

Certification & Exam Info

Participants who successfully complete the course and pass the examination will be recognized as a certified DevOps Test Engineer (DTE) issued and governed by DevOps Institute. Delegates who do not attain a passing score for the examination would be awarded a course attendance certificate only.

EXAMINATION FORMAT

40 Multiple Choice
1 mark per correct answer
26 marks required to pass (out of 40 available) – 65%
Ninety minutes duration
Closed-book

Prerequisites

The DevOps Foundation certification is a prerequisite to attending the DevSecOps Engineering course and sitting the certification examination. Familiarity with DevOps definitions and principles are essential.