Search our courses
Training

As companies are pushing code faster and more often than ever, the rate of vulnerabilities in our systems is accelerating. As we are being asked to do more with less, DevOps has shown immense value to business and security as an integral component that needs to be integrated into the strategy.

Topics covered in the course include how DevSecOps provides the business value of DevOps and the ability DevOps has to enable the business and support an organizational transformation with the ultimate goal of increasing productivity, reducing risk, and optimizing cost in the organization.

This DevSecOps Engineering training course explains how DevOps security practices differ from other security approaches and provides the education needed to understand and apply data and security sciences. Participants learn the purpose, benefits, concepts, and vocabulary of DevSecOps; particularly how DevSecOps roles fit with a DevOps culture and organization. At the end of this course, participants will understand using “security as code” with the intent of making security and compliance consumable as a service.

The course is designed to teach practical steps on how to integrate security programs into DevOps practices and highlights how professionals can use data and security science as the primary means of protecting the organization and customer.

Using real-life scenarios and case studies, participants will have tangible takeaways to leverage when back at the office.

This course positions learners to successfully complete the DevSecOps Engineering exam, which is offered on the last day of class for classroom learners.

COURSE OBJECTIVES

The learning objectives include a practical understanding of:

  •     The purpose, benefits, concepts, and vocabulary of DevSecOps
  •     How DevOps security practices differ from other security approaches
  •     Business-driven security strategies
  •     Understanding and applying data and security sciences
  •     The use and benefits of Red and Blue Teams
  •     Integrating security into Continuous Delivery workflows
  •     How DevSecOps roles fit with a DevOps culture and organization

DevSecOps Engineering

Course Code

GTDSE

Duration

2 Days

Course Fee

POA

Accreditation

DevSecOps Engineer Certification (DSOE)

 

Successfully passing (65%) the 90 minute, multiple choice, Bloom's Taxonomy levels 1, 2 and 3 exam leads to the DevSecOps Engineer (DSOE)℠certificate. The certification is governed and maintained by the DevOps Institute; exams are delivered through an independent, global examination partner.

Target Audience

  • Anyone involved or interested in learning about DevSecOps strategies and automation
  • Anyone involved in Continuous Delivery toolchain architectures
  • Compliance Team
  • Delivery Staff
  • DevOps Engineers
  • IT Managers
  • IT Security Professionals, Practitioners, and Managers
  • Maintenance and support staff
  • Managed Service Providers
  • Project & Product Managers
  • Quality Assurance Teams
  • Release Managers
  • Scrum Masters
  • Site Reliability Engineers
  • Software Engineers
  • Testers

Attendee Requirements

  •     DevOps Foundation® Certificate
  •     Familiarity with IT software development and operations responsibilities

 

Expand all

Course Description

As companies are pushing code faster and more often than ever, the rate of vulnerabilities in our systems is accelerating. As we are being asked to do more with less, DevOps has shown immense value to business and security as an integral component that needs to be integrated into the strategy.

Topics covered in the course include how DevSecOps provides the business value of DevOps and the ability DevOps has to enable the business and support an organizational transformation with the ultimate goal of increasing productivity, reducing risk, and optimizing cost in the organization.

This DevSecOps Engineering training course explains how DevOps security practices differ from other security approaches and provides the education needed to understand and apply data and security sciences. Participants learn the purpose, benefits, concepts, and vocabulary of DevSecOps; particularly how DevSecOps roles fit with a DevOps culture and organization. At the end of this course, participants will understand using “security as code” with the intent of making security and compliance consumable as a service.

The course is designed to teach practical steps on how to integrate security programs into DevOps practices and highlights how professionals can use data and security science as the primary means of protecting the organization and customer.

Using real-life scenarios and case studies, participants will have tangible takeaways to leverage when back at the office.

This course positions learners to successfully complete the DevSecOps Engineering exam, which is offered on the last day of class for classroom learners.

COURSE OBJECTIVES

The learning objectives include a practical understanding of:

  •     The purpose, benefits, concepts, and vocabulary of DevSecOps
  •     How DevOps security practices differ from other security approaches
  •     Business-driven security strategies
  •     Understanding and applying data and security sciences
  •     The use and benefits of Red and Blue Teams
  •     Integrating security into Continuous Delivery workflows
  •     How DevSecOps roles fit with a DevOps culture and organization
Course Outline

Course Introduction

  •     Course Goals
  •     Course Agenda
  •     Exercise: Diagramming Your CI/CD Pipeline

    Why DevSecOps?

  •     Key Terms and Concepts
  •     Why DevSecOps is important
  •     3 Ways to Think About DevOps+Security
  •     Key Principles of DevSecOps

    Culture and Management

  •     Key Terms and Concepts
  •     Incentive Model
  •     Resilience
  •     Organizational Culture
  •     Generativity
  •     Erickson, Westrum, and LaLoux
  •     Exercise: Influencing Culture

    Strategic Considerations

  •     Key Terms and Concepts
  •     How Much Security is Enough?
  •     Threat Modeling
  •     Context is Everything
  •     Risk Management in a High-velocity World
  •     Exercise: Measuring For Success

    General Security Considerations

  •     Avoiding the Checkbox Trap
  •     Basic Security Hygiene
  •     Architectural Considerations
  •     Federated Identity
  •     Log Management

    IAM: Identity & Access Management

  •     Key Terms and Concepts
  •     IAM Basic Concepts
  •     Why IAM is Important
  •     Implementation Guidance
  •     Automation Opportunities
  •     How to Hurt Yourself with IAM
  •     Exercise: Overcoming IAM Challenges

    Application Security

  •     Application Security Testing (AST)
  •     Testing Techniques
  •     Prioritizing Testing Techniques
  •     Issue Management Integration
  •     Threat Modeling
  •     Leveraging Automation

    Operational Security

  •     Key Terms and Concepts
  •     Basic Security Hygiene Practices
  •     Role of Operations Management
  •     The Ops Environment
  •     Exercise: Adding Security to Your CI/CD Pipeline

    Governance, Risk, Compliance (GRC) and Audit

  •     Key Terms and Concepts
  •     What is GRC?
  •     Why Care About GRC?
  •     Rethinking Policies
  •     Policy as Code
  •     Shifting Audit Left
  •     3 Myths of Segregation of Duties vs. DevOps
  •     Exercise: Making Policies, Audit and Compliance Work with DevOps

    Logging, Monitoring, and Response

  •     Key Terms and Concepts
  •     Setting Up Log Management
  •     Incident Response and Forensics
  •     Threat Intelligence and Information Sharing

    Course Review

  •     Where We Started
  •     What We Covered
  •     Key Reminders of What’s Important
  •     Exercise: Creating a Personal Action Plan

    Exam Preparations

  •     Exam Requirements, Question Weighting, and Terminology List
  •     Sample Exam Review
Exam

Successfully passing (65%) the 90 minute, multiple choice, Bloom's Taxonomy levels 1, 2 and 3 exam leads to the DevSecOps Engineer (DSOE)℠certificate.

Learning Path
Ways to Attend
  • Attend a public course, if there is one available. Please check our schedule, or register your interest in joining a course in your area.
  • Private onsite Team training also available, please contact us to discuss. We can customise this course to suit your business requirements.

Private Team Training is available for this course

We deliver this course either on or off-site in various regions around the world, and can customise your delivery to suit your exact business needs. Talk to us about how we can fine-tune a course to suit your team's current skillset and ultimate learning objectives.

Private Team Training | Contact us

Technical ICT learning & mentoring services

Private Team Training

Our instructors are specialist consultants with vast real world experience and expertise allowing them to design and deliver client-focused courses for your organisation.

Learn more about our Private Team Training

What Our Clients Say

“I particularly liked the heavy hands on sessions that went on with the training. Other than that, really liked Mark's training style. His experience in the field really shines through.”

 

Docker - GTDK1

Feb ‘19

“Instructor's ability to demonstrate new features that are not part of the course help show his mastery as well as prepare us for changes in the technology. Great work.

 

Using Docker & Kubernetes in Production - GTK8SG

Oct ‘18


“This course was an excellent insight into the Cloud Service Management world and equips me with the tools to go back to my company and build upon it.”

 

Cloud Service Manager - GTC13

Jan ‘19

 

''Fantastic course, looking forward to applying this in my work and home life. Excellent, practical approach, very motivational. I think the entire company should attend training.''

 

Being Agile in Business - GTBAB

Sept '19

“Excellent instructor. You can tell he really understands the concepts he's presenting and is very passionate about his work. He answered every question we asked and presented the course in an interesting and involving manner.”

 

Spring Boot Development - GTIT40

Nov ‘18

"Intelligence is the ability to avoid doing work, yet
getting the work done"

Linus Torvalds, creator of Linux and GIT

Technical ICT learning & mentoring services

About GuruTeam

GuruTeam is a high-level ICT Learning, Mentoring and Consultancy services company. We specialise in delivering instructor-led on and off-site training in Blockchain, Linux, Cloud, Big Data, DevOps, Kubernetes, Agile, Software & Web Development technologies. View our Testimonials

Download our eBrochure
Our Accreditation Partners

 

  •  
  •  
  •  
  •  
  •  

 

 

 

 

 

Upcoming Courses

Kubernetes Administration

16th - 19th December - Dublin

This Kubernetes Administration Certification training course is suitable for anyone who wants to learn the skills necessary to build and administer a Kubernetes cluster

Learn More

CompTIA Network+ FastTrack

11th - 14th November - Cork

This fast-paced course teaches the essentials of networking and helps to prepare the student for the CompTIA Network+ certification.

Learn More

Applied Data Science with Python

17th - 18th December - Dublin

Learn about the theoretical and practical aspects of using Python in the realm of Data Science, Business Analytics, and Data Logistics

Learn More

Introduction to Python 3

8th - 10th October - Cork

5th - 7th November - Cork

Python is a powerful and popular object-oriented programming/scripting language with many high quality libraries.

Learn More

Newsletter

Stay up to date, receive updates on scheduled dates, new courses, offers, and events.

Subscribe to our Newsletter