making IT better!
MENU

DevSecOps Engineering

Enroll Now! or Contact Us!

16 hours – On-site or Virtual with live certified trainer

As companies are pushing code faster and more often than ever, the rate of vulnerabilities in systems is accelerating. As IT organizations are being asked to do more with less, DevOps has shown immense value to businesses and security is an integral component that needs to be integrated into the strategy. This course explains how DevOps security practices differ from other security approaches and provides the education needed to understand and apply data and security sciences.

DevOps Institute Registered Education Partner

  • Official DevOps Institute student material
  • Practical exercises
  • Simulation exam
  • Course completion diploma
  • Official certification exam from the DevOps Institute
  • 16 PDUs
    Course details
  1. What will I achieve?
  2. Who is this course for?
  3. What are the exam characteristics?
  4. What are the course contents?
  5. Payment methods

What will I achieve?

  • Learn how DevSecOps roles fit with a DevOps culture and organization.
  • Applying data and security sciences into the organizational context.
  • Integrate security into Continuous Delivery workflows.
  • Understand using 'security as code' with the intent of making security and compliance consumable as a service.
  • Know how to integrate security programs into DevOps practices.
  • Be able to use data and security science as the primary means of protecting the organization and customer.
  • Enable DevSecOps practices to support an organizational transformation with the ultimate goal of increasing productivity, reducing risk, and optimizing cost in the organization.
  • Obtain the DevSecOps Engineering certification.

Who is this course for?

  • Anyone involved or interested in learning about DevSecOps strategies and automation
  • Anyone involved in Continuous Delivery toolchain architectures
  • Compliance Teams
  • Delivery Staff
  • DevOps Engineers
  • IT Managers
  • IT Security Professionals, Practitioners, and Managers
  • Maintenance and support staff
  • Managed Service Providers
  • Project and Product Managers
  • Quality Assurance Teams
  • Release Managers
  • Scrum Masters
  • Site Reliability Engineers
  • Software Engineers
  • Testers

What are the exam characteristics?

  • Time allocated: 90 minutes
  • Number of questions: 40 multiple-choice
  • Passing score: 65% (26 correct answers)
  • Format: Online or Paper; closed-book
  • Prerequisites: Holding the DevOps Foundation certificate (certificate must be presented as evidence for exam registration). At least 4 hours of personal study during the course are recommended.
When will I know my exam results?

When the exam is paper-based, the results will be notified to the participant afterwards through email. When it is web-based, the participant will get the results immediately after finishing the exam.

What happens if I fail the exam?

The participant who fails the exam may take it again any times at extra cost. No time window between exams is required.

What are the course contents?

  • 1 Why DevSecOps?
    • 1.1 Key Terms and Concepts
    • 1.2 Why DevSecOps is important
    • 1.3 3 Ways to Think About DevOps + Security
    • 1.4 Key Principles of DevSecOps
  • 2 Culture and Management
    • 2.1 Key Terms and Concepts
    • 2.2 Incentive Model
    • 2.3 Resilience
    • 2.4 Organizational Culture
    • 2.5 Generativity
    • 2.6 Erickson, Westrum, and LaLoux
    • 2.7 Exercise: Influencing Culture
  • 3 Strategic Considerations
    • 3.1 Key Terms and Concepts
    • 3.2 How Much Security is Enough?
    • 3.3 Threat Modeling
    • 3.4 Context is Everything
    • 3.5 Risk Management in a High-velocity World
    • 3.6 Exercise: Measuring For Success
  • 4 General Security Considerations
    • 4.1 Avoiding the Checkbox Trap
    • 4.2 Basic Security Hygiene
    • 4.3 Architectural Considerations
    • 4.4 Federated Identity
    • 4.5 Log Management
  • 5 IAM: Identity & Access Management
    • 5.1 Key Terms and Concepts
    • 5.2 IAM Basic Concepts
    • 5.3 Why IAM is Important
    • 5.4 Implementation Guidance
    • 5.5 Automation Opportunities
    • 5.6 How to Hurt Yourself with IAM
    • 5.7 Exercise: Overcoming IAM Challenges
  • 6 Application Security
    • 6.1 Application Security Testing (AST)
    • 6.2 Testing Techniques
    • 6.3 Prioritizing Testing Techniques
    • 6.4 Issue Management Integration
    • 6.5 Threat Modeling
    • 6.6 Leveraging Automation
  • 7 Operational Security
    • 7.1 Key Terms and Concepts
    • 7.2 Basic Security Hygiene Practices
    • 7.3 Role of Operations Management
    • 7.4 The Ops Environment
    • 7.5 Exercise: Adding Security to Your CI/CD Pipeline
  • 8 Governance, Risk, Compliance (GRC) and Audit
    • 8.1 Key Terms and Concepts
    • 8.2 What is GRC?
    • 8.3 Why Care About GRC?
    • 8.4 Rethinking Policies
    • 8.5 Policy as Code
    • 8.6 Shifting Audit Left
    • 8.7 Three Myths of Segregation of Duties vs. DevOps
    • 8.8 PExercise: Making Policies, Audit and Compliance Work with DevOps
  • 9 Logging, Monitoring, and Response
    • 9.1 Key Terms and Concepts
    • 9.2 Setting Up Log Management
    • 9.3 Incident Response and Forensics
    • 9.4 Threat Intelligence and Information Sharing
  • 10 Course Review
    • 10.1 Where We Started
    • 10.2 What We Covered
    • 10.3 Key Reminders of What's Important
    • 10.4 Exercise: Creating a Personal Action Plan

Payment methods:

  • Check
  • Wire transfer
  • Credit card (via PayPal)

For more information about this training course (schedules, locations, costs, etc.) or any of the other IT training courses we offer, please contact us. We will be happy to assist you!

We can be flexible. Contact us to set a date that works for you! Ask for Team Discounts!