About the course
The DevOps ideology, with its emphasis on collaboration between operations, development, testing and support during software development, has helped organizations keep up with market expectations of rapid product rollouts and continuous service. Organizations enthusiastically adopt DevOps transformations for their business benefits, but for a transformation to succeed, security must also be integrated into every stage of software development.
DevSecOps is the part of DevOps that emphasizes embedding security early in development, thus minimizing risk. The DevSecOps Foundation (DSOF)℠ course and the subsequent certification by the DevOps Institute give candidates the training to understand and apply data and security sciences, along with the practical steps for integrating security programs into DevOps practices.
What you will learn
- What is DevSecOps: The purpose, benefits, concepts, and vocabulary of DevSecOps
- Benefits: How DevOps security practices differ from other security approaches
- DevOps for business: Business-driven security strategies
- Hands on: Understanding and applying data and security sciences
- DevSecOps groups: The use and benefits of Red and Blue Teams
- Workflow security: Integrating security into Continuous Delivery workflows
- Integration: How DevSecOps roles fit with a DevOps culture and organization
Who should attend
- Those interested in DevSecOps strategies and automation
- Anyone involved in Continuous Delivery toolchain architectures
- Compliance Team
- Delivery Staff
- DevOps Engineers
- IT Managers
- IT Security Professionals, Practitioners, and Managers
- Maintenance and support staff
- Managed Service Providers
- Project & Product Managers
- Quality Assurance Teams
- Release Managers
- Scrum Masters
- Site Reliability Engineers
- Software Engineers
- Testers
By the end of the course you will have learned the purpose, benefits, concepts and vocabulary of DevSecOps, including DevOps security strategies and how to align them to business benefits.
We provide the course in English.
Curriculum
Course Introduction
- Course Goals
- Course Agenda
- Exercise: Diagramming Your CI/CD Pipeline
Why DevSecOps?
- Key Terms and Concepts
- Why DevSecOps is important
- 3 Ways to Think About DevOps+Security
- Key Principles of DevSecOps
Culture and Management
- Key Terms and Concepts
- Incentive Model
- Resilience
- Organizational Culture
- Generativity
- Erickson, Westrum, and LaLoux
- Exercise: Influencing Culture
Strategic Considerations
- Key Terms and Concepts
- How Much Security is Enough?
- Threat Modeling
- Context is Everything
- Risk Management in a High-velocity World
- Exercise: Measuring For Success
General Security Considerations
- Avoiding the Checkbox Trap
- Basic Security Hygiene
- Architectural Considerations
- Federated Identity
- Log Management
IAM: Identity & Access Management
- Key Terms and Concepts
- IAM Basic Concepts
- Why IAM is Important
- Implementation Guidance
- Automation Opportunities
- How to Hurt Yourself with IAM
- Exercise: Overcoming IAM Challenges
Application Security
- Application Security Testing (AST)
- Testing Techniques
- Prioritizing Testing Techniques
- Issue Management Integration
- Threat Modeling
- Leveraging Automation
Operational Security
- Key Terms and Concepts
- Basic Security Hygiene Practices
- Role of Operations Management
- The Ops Environment
- Exercise: Adding Security to Your CI/CD Pipeline
Governance, Risk, Compliance (GRC) and Audit
- Key Terms and Concepts
- What is GRC?
- Why Care About GRC?
- Rethinking Policies
- Policy as Code
- Shifting Audit Left
- 3 Myths of Segregation of Duties vs. DevOps
- Exercise: Making Policies, Audit and Compliance Work with DevOps
Logging, Monitoring, and Response
- Key Terms and Concepts
- Setting Up Log Management
- Incident Response and Forensics
- Threat Intelligence and Information Sharing
Course Review
- Where We Started
- What We Covered
- Key Reminders of What’s Important
- Exercise: Creating a Personal Action Plan
Exam Preparations
- Exam Requirements, Question Weighting, and Terminology List
- Sample Exam Review
Prerequisites
Although there are no formal prerequisites for the exam, it is recommended that candidates complete at least 16 contact hours (instruction and labs) as part of a formal, approved training course delivered by an accredited Education Partner of DevOps Institute.