DevSecOps Foundation

This course is presented as Live Virtual Training. Click for more details.

*Previously known as DevSecOps Engineering

Learn the purpose, benefits, concepts, and vocabulary of DevSecOps including DevOps security strategies and business benefits.

Beginning with software development, and continuing into production, security is everyone’s responsibility.
Shift left principles are adopted at the very beginning of a project, to find and correct software defects, as early as possible in the software delivery lifecycle.

As companies deploy code faster and more often than ever, new vulnerabilities are also accelerating. DevOps practices add business and security value as an integral, strategic component. Delivering development, security and operations at the speed of business should be an essential component for any modern enterprise.

This course explains the purpose, benefits, concepts, vocabulary and applications of DevSecOps. Most importantly, attendees learn how DevSecOps roles fit within a DevOps culture and organisation. By the end of the course participants will understand “security as code” to make security and compliance value consumable as a service.

The DevSecOps course covers the steps to integrate security programs from developers and operators through the business C-level. Every stakeholder plays a part and the learning material highlights how professionals can use these tools as the primary means of protecting the organisation and customer through multiple case studies, video presentations, discussion options, and exercise material to maximise learning value. These real-life scenarios create tangible takeaways participants can leverage upon their return to the office.

The course positions learners to pass the DevSecOps Foundation exam from the DevOps Institute.

Learning outcomes

The learning objectives include a practical understanding of:

• The purpose, benefits, concepts, and vocabulary of DevSecOps
• How DevOps security practices differ from other security approaches
• Business-driven security strategies and Best Practices
• Understanding and applying data and security sciences
• Integrating corporate stakeholders into DevSecOps practices
• Enhancing communication between Dev, Sec, and Ops teams
• How DevSecOps roles fit with a DevOps culture and organisation

 

View the DevSecOps BLUEPRINT

Who should attend

The target audience for the DevSecOps Foundation course are professionals who are seeking an understanding of DevSecOps practices:

• Anyone involved or interested in learning about DevSecOps strategies and automation
• Anyone involved in Continuous Delivery toolchain architectures
• Compliance Team
• Business managers
• Delivery Staff
• DevOps Engineers
• IT Managers
• IT Security Professionals, Practitioners, and Managers
• Maintenance and support staff
• Managed Service Providers
• Project & Product Managers
• Quality Assurance Teams
• Release Managers
• Scrum Masters
• Site Reliability Engineers
• Software Engineers
• Testers

Course contents

1. Realising DevSecOps Outcomes

• Origins of DevOps
• Evolution of DevSecOps
• Other Frameworks
• CALMS
• The Three Ways

2. Defining the Cyber Threat Landscape

• What is the Cyber Threat Landscape?
• What is the threat?
• What do we protect from?
• What do we protect, and why?
• How do I talk to security?

3. Building a Responsive DevSecOps Model

• DevSecOps Model with components
• Technical, business and human toll outcomes
• What’s being measured?
• Gating and thresholding
• Incremental improvements

4. Integrating DevSecOps Stakeholders

• The DevSecOps State of Mind
• What “good” culture looks like
• The DevSecOps Stakeholders
• What’s at stake for who?
• People, process, technology and governance

5. Establishing DevSecOps Practices

• Start where you are
• Integrating people, process, technology and governance
• Continuous Security for DevSecOps
• Onboarding process for stakeholders
• Practices and outcomes
• Data driven decision making and response

6. Best Practices to Get Started

• Identifying target state
• Value stream-thinking
• Flow
• Feedback
• Learning

7. DevOps Pipelines and Continuous Compliance

• The goal of a DevOps pipeline
• Why continuous compliance is important
• Archetypes and reference architectures
• Coordinating DevOps Pipeline construction
• DevSecOps tool categories, types and examples

8. Learning Using Outcomes

• Security Training Options
• Training as Policy
• Experiential Learning
• Cross-Skilling
• The DevSecOps Collective Body of Knowledge
• Preparing for the DevSecOps Foundation certification exam
• Next Steps

Course fees

Fees per Person

DevSecOps Foundation

• MYR 4800 + SST

Fees include:

• Course presentation
• Course workbook
• DevSecOps Foundation Exam
  • Available on request - Take2 Re-sit Exam option. Contact ALC for more information.

Pre-Requisites

There are no formal pre-requisites to attend the DevSecOps Foundation Course. It is helpful though, if participants have a baseline knowledge and understanding of common DevOps definitions and principles such as is covered in the DevOps Foundation course.

DevSecOps Foundation Certificate Exam

Once you’ve completed your training, you can gain a globally recognised certification with the DevSecOps Foundation Exam. Participants will be provided with an online exam voucher to sit the exams at a time and date of their choosing within 3 months of the course. The web-proctored exams are available 24/7 and run by the examination institute PEOPLECERT.

The exam details are as follows:

• 60 minutes
• 40 multiple choice questions
• Pass mark of 65% (26 out of 40)
• Open book
• Web-based (single-browser)

Successfully passing the examination leads to the candidate receiving a DevSecOps Foundation Certification (DSOF). The certification is governed and maintained by the DevOps Institute.