DevSecOps Engineering (DSOE)

Duration: 2 Days

Course Overview

Learn the purpose, benefits, concepts, and vocabulary of DevSecOps including DevOps security strategies and business benefits.

This course explains how DevOps security practices differ from other security approaches and provides the education needed to understand and apply data and security sciences. Participants learn the purpose, benefits, concepts, and vocabulary of DevSecOps; particularly how DevSecOps roles fit with a DevOps culture and organization. At the end of this course, participants will understand using “security as code” with the intent of making security and compliance consumable as a service.

The course is designed to teach practical steps on how to integrate security programs into DevOps practices and highlights how professionals can use data and security science as the primary means of protecting the organization and customer.

This course positions attendees to successfully complete the DevSecOps Engineering exam, which is offered on the last day of class.

How can I attend my course?

On-line from
your chosen location

At our dedicated
training facility

On-site at
your premises

Target Audience

The target audience for the DevSecOps Engineering course are professionals including:

Anyone involved or interested in learning about DevSecOps strategies and automation
Anyone involved in Continuous Delivery toolchain architectures
Compliance Team
Delivery Staff
DevOps Engineers
IT Managers
IT Security Professionals, Practitioners, and Managers
Maintenance and support staff
Managed Service Providers
Project & Product Managers
Quality Assurance Teams
Release Managers
Scrum Masters
Site Reliability Engineers
Software Engineers
Testers

COURSE OBJECTIVES

• The purpose, benefits, concepts, and vocabulary of DevSecOps
• How DevOps security practices differ from other security approaches
• Business-driven security strategies
• Understanding and applying data and security sciences
• The use and benefits of Red and Blue Teams
• Integrating security into Continuous Delivery workflows
• How DevSecOps roles fit with a DevOps culture and organization

Course Content

Course Introduction

• Course Goals
• Course Agenda
Exercise: Diagramming Your CI/CD Pipeline

Why DevSecOps?

• Key Terms and Concepts
• Why DevSecOps is important
• 3 Ways to Think About DevOps+Security
• Key Principles of DevSecOps

Culture and Management

• Key Terms and Concepts
• Incentive Model
• Resilience
• Organizational Culture
• Generativity
• Erickson, Westrum, and LaLoux
Exercise: Influencing Culture

Strategic Considerations

• Key Terms and Concepts
• How Much Security is Enough?
• Threat Modeling
• Context is Everything
• Risk Management in a High-velocity World
Exercise: Measuring For Success

General Security Considerations

• Avoiding the Checkbox Trap
• Basic Security Hygiene
• Architectural Considerations
• Federated Identity
• Log Management

IAM: Identity & Access Management

• Key Terms and Concepts
• IAM Basic Concepts
• Why IAM is Important
• Implementation Guidance
• Automation Opportunities
• How to Hurt Yourself with IAM
Exercise: Overcoming IAM Challenges

Application Security

• Application Security Testing (AST)
• Testing Techniques
• Prioritizing Testing Techniques
• Issue Management Integration
• Threat Modeling
• Leveraging Automation

Operational Security

• Key Terms and Concepts
• Basic Security Hygiene Practices
• Role of Operations Management
• The Ops Environment
Exercise: Adding Security to Your CI/CD Pipeline

Governance, Risk, Compliance (GRC) and Audit

• Key Terms and Concepts
• What is GRC?
• Why Care About GRC?
• Rethinking Policies
• Policy as Code
• Shifting Audit Left
• 3 Myths of Segregation of Duties vs. DevOps
Exercise: Making Policies, Audit and Compliance Work with DevOps

Logging, Monitoring, and Response

• Key Terms and Concepts
• Setting Up Log Management
• Incident Response and Forensics
• Threat Intelligence and Information Sharing

Course Review

• Where We Started
• What We Covered
• Key Reminders of What’s Important
Exercise: Creating a Personal Action Plan

Exam Preparations

• Exam Requirements, Question Weighting, and Terminology List
• Sample Exam Review

Learner Materials:

• Digital Learner Manual (excellent post-class reference)
• Participation in exercises designed to apply concepts
• Sample documents, templates, tools and techniques
• Access to additional sources of information and communities

Certification exam:

• Successfully passing (65%) the 90-minute examination, consisting of 40 multiple-choice questions, leads tothe candidate’s designation as a certified DevSecOps Engineer (DSOE).
• The certification is governed andmaintained by the DevOps Institute.

COURSE PREREQUISITES

The DevOps Foundation certification is a prerequisite for DevSecOps Engineering to ensure participants are aligned with the baseline DevOps definitions and principles.

You will receive a full set of course notes
and all supporting materials for your course.

Hard Copy Delivered to your premises or Downloaded to a chosen device.

Download a
Course Outline PDF

You will receive a full set of course notes and all supporting materials for your course.
Hard Copy Delivered to your premises or Downloaded to a chosen device.

To book this course please call 
+44 (0) 1444 410296 or email Info@kplknowledge.co.uk

Contact us