DevSecOps Foundation

Learn how DevSecOps roles fit with a DevOps culture and organization

With the rising number of data breaches and increased emphasis on data privacy regulations, organizations need to prioritize security and compliance measures into everyday workflows.

Our recent virtual class! In support of safe management in light of COVID19, classes may be run virtually.

Accredited by IBF

This course is accredited under IBF Standards Training Scheme.

  • Up to 70% for training programmes commencing 1 January 2023 onwards. 
  • Terms and conditions apply. Please visit our IBF STS programme page for full details.

DevOps Premier Partner

Sapience’s Accredited Trainers have gone through a vetting process with DevOps Institute, and official material will be provided.

Supported by Skillsfuture Credits

SkillsFuture Credit can be used on top of existing government course subsidies to pay for a wide range of approved skills-related courses. Visit our SkillsFuture Credit page for more info.

Supported by UTAP

NTUC members can use the Union Training Assistance Programme (UTAP) to partially cover the cost of their training. Visit our UTAP page for more info.

Introduction

Course duration: 3 days, 9am – 5pm

Learn the purpose, benefits, concepts, and vocabulary of DevSecOps including DevOps security strategies and business benefits.

As companies are pushing code faster and more often than ever, the rate of vulnerabilities in our systems is accelerating. As we are being asked to do more with less, DevOps has shown immense value to business and security as an integral component that needs to be integrated into the strategy.

Topics covered in the course include how DevSecOps provides the business value of DevOps and the ability DevOps has to enable the business and support an organizational transformation with the ultimate goal of increasing productivity, reducing risk, and optimizing cost in the organization.

This course explains how DevOps security practices differ from other security approaches and provides the education needed to understand and apply data and security sciences. Participants learn the purpose, benefits, concepts, and vocabulary of DevSecOps; particularly how DevSecOps roles fit with a DevOps culture and organization. At the end of this course, participants will understand using “security as code” with the intent of making security and compliance consumable as a service.

The course is designed to teach practical steps on how to integrate security programs into DevOps practices and highlights how professionals can use data and security science as the primary means of protecting the organization and customer.

This course may be eligible for PMI’s PDUs.

  • Realizing DevSecOps Outcomes
    • Origins of DevOps
    • ​
    Evolution of DevSecOps​
    • CALMS​
    • The Three Ways
  • Defining the Cyberthreat Landscape​
    • What is the Cyber Threat Landscape?​
    • What is the threat?​
    • What do we protect from?​
    • What do we protect, and why?​
    • How do I talk to security?​
  • ​Building a Responsive DevSecOps Model
    • Demonstrate Model
    • Technical, business and human outcomes​
    • What’s being measured? ​
    • Gating and thresholding​
  • Integrating DevSecOps Stakeholders
    • The DevSecOps State of Mind​
    • The DevSecOps Stakeholders​
    • What’s at stake for who?​
    • Participating in the DevSecOps model​
  • ​Establishing DevSecOps Best Practices
    • Start where you are​
    • Integrating people, process and technology and governance​
    • DevSecOps operating model​
    • Communication practices and boundaries​
    • Focusing on outcomes ​
  • Best Practices to get Started
    • The Three Ways​
    • Identifying target state​s
    • Value stream-centric thinking​
  • ​DevOps Pipelines and Continuous Compliance
    • The goal of a DevOps pipeline​
    • Why continuous compliance is important​
    • Archetypes and reference architectures​
    • Coordinating DevOps Pipeline construction​
    • DevSecOps tool categories, types and examples​
  • Learning Using Outcomes
    • Security Training Options​
    • Training as Policy​
    • Experiential Learning​
    • Cross-Skilling​
    • The DevSecOps Collective Body of Knowledge​.

On completion of this course, the following learning outcomes will be achieved:

  • The purpose, benefits, concepts, and vocabulary of DevSecOps
  • How DevOps security practices differ from other security approaches
  • Business-driven security strategies
  • Understanding and applying data and security sciences
  • The use and benefits of Red and Blue Teams
  • Integrating security into Continuous Delivery workflows
  • How DevSecOps roles fit with a DevOps culture and organization.

The target audience for this course are professionals involved in DevSecOps, such as:

  • Anyone involved or interested in learning about DevSecOps strategies and automation
  • Anyone involved in Continuous Delivery toolchain architectures
  • Compliance Team
  • Delivery Staff
  • DevOps Engineers
  • Business Managers
  • IT Security Professionals, Practitioners and Managers
  • Maintenance and support staff
  • Managed Service Providers
  • Project & Product Managers
  • Quality Assurance Teams
  • Release Managers
  • Scrum Masters
  • Site Reliability Engineers
  • Software Engineers
  • Testers.

Participants who successfully complete the course and pass the examination will be recognized as DevSecOps Foundation (DSOF) certified which issued and governed by DevOps Institute. Delegates who do not attain a passing score for the examination would be awarded a course attendance certificate only.

EXAMINATION FORMAT

  • 40 Multiple Choice
  • 1 mark per correct answer
  • 26 marks required to pass (out of 40 available) – 65%
  • Sixty minutes duration
  • Web-based open-book examination.

There are no prerequisites to attending the DevSecOps Foundation course or sitting the certification examination. Familiarity with DevOps definitions and principles are essential.

Complimentary refresher

Participants can attend a complimentary refresher if they wish(1-year validity and subject to approval)

Post-training support

Should you have questions after the course, you may contact the trainer for assistance regarding course material

E-learning portal

Get one year access to our e-learning portal, including related e-books available for download, an official DevOps Institute sample exam and a randomised quiz formulated by Sapience Trainers based on past examinations

Trainer profile

Feisal Ismail

Extensive technical and managerial experience supporting organisations across government, pharmaceutical, banking and financial industries. Well-versed in creating and leading high-performing teams through effective work methodologies thatleverages on technology and best practices to achieve organizational objectives.

Communicative, articulate and a firm believer in sharing both knowledge and experience. Highly organized and relish delivering superlative results in high-pressure environments. Believes in providing quality advice grounded in a sapient application of experience, best practices and an acute understanding of real-world realities.

Clients can count on me – my word is my bond.

See more