DevSecOps Engineering

Why DevSecOps?

• Key Terms and Concepts
• 3 Ways to Think About DevOps+Security
• Key Principles of DevSecOps

Culture and Management

• Key Terms and Concepts
• Incentive Model
• Resilience
• Organizational Culture
• Generativity

Strategic Considerations

• How Much Security is Enough?
• Threat Modeling
• Context is Everything
• Risk Management in a High-velocity World

General Security Considerations

• Avoiding the Checkbox Trap
• Basic Security Hygiene
• Architectural Considerations
• Federated Identity
• Log Management

IAM: Identity & Access Management

• IAM Basic Concepts
• Why IAM is Important
• Implementation Guidance
• Automation Opportunities
• How to Hurt Yourself with IAM

Application Security

• Application Security Testing (AST)
• Testing Techniques
• Prioritizing Testing Techniques
• Issue Management Integration
• Threat Modeling
• Leveraging Automation

Operational Security

• Basic Security Hygiene Practices
• Role of Operations Management
• The Ops Environment

Governance, Risk, Compliance (GRC) and Audit

• What is and why care about GRC?
• Rethinking Policies
• Policy as Code
• Shifting Audit Left
• 3 Myths of Segregation of Duties vs. DevOps

Logging, Monitoring, and Response

• Setting Up Log Management
• Incident Response and Forensics
• Threat Intelligence and Information Sharing

On completion of this course, the following learning outcomes will be achieved:

• The purpose, benefits, concepts, and vocabulary of DevSecOps
• How DevOps security practices differ from other security approaches
• Business-driven security strategies
• Understanding and applying data and security sciences
• The use and benefits of Red and Blue Teams
• Integrating security into Continuous Delivery workflows
• How DevSecOps roles fit with a DevOps culture and organization

The target audience for this course are professionals involved in DevSecOps, such as:

• Anyone involved or interested in learning about DevSecOps strategies and automation
• Anyone involved in Continuous Delivery toolchain architectures
• Compliance Team
• Delivery Staff
• DevOps Engineers
• Business Managers
• IT Security Professionals, Practitioners and Managers
• Maintenance and support staff
• Managed Service Providers
• Project & Product Managers
• Quality Assurance Teams
• Release Managers
• Scrum Masters
• Site Reliability Engineers
• Software Engineers
• Testers

Participants who successfully complete the course and pass the examination will be recognized as a certified DevOps Test Engineer (DTE) issued and governed by DevOps Institute. Delegates who do not attain a passing score for the examination would be awarded a course attendance certificate only.

EXAMINATION FORMAT

• 40 Multiple Choice
• 1 mark per correct answer
• 26 marks required to pass (out of 40 available) – 65%
• Ninety minutes duration
• Closed-book

The DevOps Foundation certification is a prerequisite to attending the DevSecOps Engineering course and sitting the certification examination. Familiarity with DevOps definitions and principles are essential.