Elevate your DevOps expertise with our comprehensive “Basics of DevSecOps” course, specifically designed to provide you with a robust understanding of security-centric DevOps practices and patterns. Expanding upon the foundational concepts covered in Basics of DevOps, this course delves deeper into DevSecOps, a vital sub-practice that focuses on the seamless integration of security throughout the entire development lifecycle, ensuring it aligns with the scale and speed of both development and operations.
In this course, you’ll explore the core principles of DevSecOps, learning how to transform your organizational culture and technical practices to enhance your organization’s overall security posture. You’ll gain valuable insights into adopting DevSecOps, securing the DevSecOps pipeline, and understanding the crucial role of operations and monitoring in maintaining a secure environment.
Key Course Outcomes:
- DevSecOps Concepts: Acquire a comprehensive understanding of the core principles of DevSecOps and its significance within the software development lifecycle.
- Adopting DevSecOps: Learn effective strategies to transform your organization’s culture and technical practices, ultimately improving security posture and reducing vulnerabilities.
- Securing the DevSecOps Pipeline: Delve into the techniques and best practices for ensuring a secure pipeline from initial design to production, reducing security risks and fostering a proactive security mindset.
- Operations and Monitoring: Gain insights into the essential role of operations and monitoring in maintaining a secure DevSecOps environment, promoting continuous improvement and rapid response to potential threats.
Upon completing this course, you will have a well-rounded understanding of how to integrate security at every level of the software development lifecycle, ultimately leading to a more resilient, secure, and efficient organization.
Course Objectives
The “Basics of DevSecOps” course aims to equip participants with the knowledge and skills necessary to successfully integrate security-centric DevOps practices and patterns into their organizations. By the end of the course, participants will be able to:
- Understand the fundamentals of DevSecOps and its importance in the software development lifecycle.
- Recognize the value of integrating security throughout the entire development process, from design to production.
- Identify effective strategies for transforming organizational culture and technical practices to enhance the overall security posture.
- Learn best practices for securing the DevSecOps pipeline and reducing security risks.
- Comprehend the critical role of operations and monitoring in maintaining a secure DevSecOps environment and promoting continuous improvement.
- Apply the concepts and techniques learned in the course to real-world scenarios, fostering a proactive security mindset within their organizations.
By focusing on these key objectives, the “Basics of DevSecOps” course will empower participants to confidently implement security-centric DevOps practices, ultimately leading to more resilient, secure, and efficient organizations.
Course Structure
Content Duration
10 hours of on-demand, interactive activities.
Introduction
- Core Concepts
- What is DevSecOps?
- The need for DevSecOps
- The Tenets of DevSecOps
- The DevSecOps Manifesto
- The Manifesto Model
- The Value of DevSecOps
- The historic problem
- Security in a DevOps World
- Finding the Value of Security
Adopting DevSecOps
- Growing into DevSecOps
- Growing
- DevOps Maturity Model
- DevSecOps Maturity Model
- Roles in DevSecOps
- Roles
- Leadership
- Compliance and Advisory
- Teams
- Fighting DevSecOps Misinformation
- Myth 1
- Myth 2
- Myth 3
- Myth 4
- Conclusion
Security and Operations
Securing the DevSecOps Pipeline
- Security at Inception
- Threat modeling
- Empowering Security
- Writing Secure Code
- The Danger of Insecure Code
- Learning to Develop Securely
- Software Composition Analysis
- OWASP Top 10
- Building Securely
- Security as Code
- Static Application Security Testing
- Dynamic Security Testing
- Dynamic Security Testing
- Dynamic Application
- Penetration Testing
- Red Teaming
- Blue Teaming
- Release and Deploy
- Releasing with Confidence
- The Feedback Loop
- Securing the DevSecOps Pipeline
Security Monitoring and Response
- Operations and Monitoring
- The Value of Monitoring
- Monitoring vs. Telemetry
- Security Metric Tracking
- Security Incident & Event Management
- Defining SIEMs
- Events vs. Incidents
- Alerts
- Incident Response
- Six Step Incident Response
- Prepare and Identify
- Contain
- Eradicate
- Recover
- Security Monitoring and Response
- Learn
- Automated Incident Response
Landing
- Conclusions and next steps