OVERVIEW
As companies deploy code faster and more often than ever, new vulnerabilities are also accelerating. When the boss says, “Do more with less”, DevOps practices adds business and security value as an integral, strategic component. Delivering development, security, and operations at the speed of business should be an essential component for any modern enterprise.
Course topics covered include how DevSecOps provides business value, enhancing your business opportunities, and improving corporate value. The core DevSecOps principles taught can support an organizational transformation, increase productivity, reduce risk, and optimize resource usage.
This course explains how DevOps security practices differ from other approaches then delivers the education needed to apply changes to your organization. Participants learn the purpose, benefits, concepts, vocabulary and applications of DevSecOps. Most importantly, students learn how DevSecOps roles fit with a DevOps culture and organization. At the course’s end, participants will understand “security as code” to make security and compliance value consumable as a service.
No course would be complete without practical application and this course teaches the steps to integrate security programs from the developers and operators through the business C-level. Every stakeholder plays a part and the learning material highlights how professionals can use these tools as the primary means of protecting the organization and customer through multiple case studies, video presentations, discussion options, and exercise material to maximize learning value. These real-life scenarios create tangible takeaways participants can leverage upon their return to the home office.
This course positions learners to pass the DevSecOps Foundation exam. Learners will receive a voucher for a web-based exam which can be taken at their convenience.
COURSE OBJECTIVES
The learning objectives include a practical understanding of:
The purpose, benefits, concepts, and vocabulary of DevSecOps
How DevOps security practices differ from other security approaches
Business-driven security strategies and Best Practices
Understanding and applying data and security sciences
Integrating corporate stakeholders into DevSecOps Practices
Enhancing communication between Dev, Sec, and Ops teams
How DevSecOps roles fit with a DevOps culture and organization
AUDIENCE
The target audience for the DevSecOps Foundation course are professionals including:
Anyone involved or interested in learning about DevSecOps strategies and automation
Anyone involved in Continuous Delivery toolchain architectures
Compliance Team
Business managers
Delivery Staff
DevOps Engineers
IT Managers
IT Security Professionals, Practitioners, and Managers
Maintenance and support staff
Managed Service Providers
Project & Product Managers
Quality Assurance Teams
Release Managers
Scrum Masters
Site Reliability Engineers
Software Engineers
Testers
LEARNER MATERIALS
Digital Learner Manual (excellent post-class reference)
Participation in exercises designed to apply concepts
Sample documents, templates, tools and techniques
Access to additional sources of information and communities
PREREQUISITES
Participants should have baseline knowledge and understanding of common DevOps definitions and principles.
CERTIFICATION EXAM Successfully passing (65%) the 60-minute examination, consisting of 40 multiple-choice questions, leads to the candidate’s designation as DevSecOps Foundation (DSOF) certified. The certification is governed and maintained by DevOps Institute.
COURSE OUTLINE
Realizing DevSecOps Outcomes
Origins of DevOps
Evolution of DevSecOps
CALMS
The Three Ways
Defining the Cyberthreat Landscape
What is the Cyber Threat Landscape?
What is the threat?
What do we protect from?
What do we protect, and why?
How do I talk to security?
Building a Responsive DevSecOps Model
Demonstrate Model
Technical, business and human outcomes
What’s being measured?
Gating and thresholding
Integrating DevSecOps Stakeholders
The DevSecOps State of Mind
The DevSecOps Stakeholders
What’s at stake for who?
Participating in the DevSecOps model
Establishing DevSecOps Best Practices
Start where you are
Integrating people, process and technology and governance
DevSecOps operating model
Communication practices and boundaries
Focusing on outcomes
Best Practices to get Started
The Three Ways
Identifying target states
Value stream-centric thinking
DevOps Pipelines and Continuous Compliance
The goal of a DevOps pipeline
Why continuous compliance is important
Archetypes and reference architectures
Coordinating DevOps Pipeline construction
DevSecOps tool categories, types and examples
Learning Using Outcomes
Security Training Options
Training as Policy
Experiential Learning
Cross-Skilling
The DevSecOps Collective Body of Knowledge
Preparing for the DevSecOps Foundation certification exam
