Course Details

Course Outline

1 - Course Introduction

Course Goals

Course Agenda

2 - Why DevSecOps

Key Terms and Concepts

Why DevSecOps is important

3 Ways to Think About DevOps+Security

Key Principles of DevSecOps

3 - Culture and Management

Key Terms and Concepts

Incentive Model

Resilience

Organizational Culture

Generativity

Erickson, Westrum, and LaLoux

Exercise: Influencing Culture

4 - Strategic Considerations

Key Terms and Concepts

How Much Security is Enough?

Threat Modeling

Context is Everything

Risk Management in a High-velocity World

Exercise: Measuring For Success

5 - General Security Considerations

Avoiding the Checkbox Trap

Basic Security Hygiene

Architectural Considerations

Federated Identity

Log Management

6 - IAM: Identity & Access Management

Key Terms and Concepts

IAM Basic Concepts

Why IAM is Important

Implementation Guidance

Automation Opportunities

How to Hurt Yourself with IAM

Exercise: Overcoming IAM Challenges

7 - Application Security

Application Security Testing (AST)

Testing Techniques

Prioritizing Testing Techniques

Issue Management Integration

Threat Modeling

Leveraging Automation

8 - Operational Security

Key Terms and Concepts

Basic Security Hygiene Practices

Role of Operations Management

The Ops Environment

Exercise: Adding Security to Your CI/CD Pipeline

9 - Governance, Risk, Compliance (GRC) and Audit

Key Terms and Concepts

What is GRC?

Why Care About GRC?

Rethinking Policies

Policy as Code

Shifting Audit Left

3 Myths of Segregation of Duties vs. DevOps

Exercise: Making Policies, Audit and Compliance

10 - Logging, Monitoring and Response

Key Terms and Concepts

Setting Up Log Management

Incident Response and Forensics

Threat Intelligence and Information Sharing

11 - Course Review

Where We Started

What We Covered

Key Reminders of What’s Important

Exercise: Creating a Personal Action Plan

12 - Exam Preparations

Exam Requirements, Question Weighting and

13 - Terminology List

Sample Exam Review

Actual course outline may vary depending on offering center. Contact your sales representative for more information.

Who is it For?

Target Audience

This course is intended for:

Anyone starting or leading a DevOps cultural transformation program

Anyone interested in modern IT leadership and organizational change approaches

Business Analysts

Business Stakeholders

Consultants

DevOps tool providers

IT Operations Managers

IT Leadership

Practitioners and change agents

Project Managers

Systems Integrators

Team Leaders, Managers, Directors

Tool Suppliers

Prerequisites

DevOps Foundation (DevOps Institute)

DevSecOps Foundation (DevOps Institute)

Learning Objectives

Course Details

Course Outline

1 - Course Introduction

2 - Why DevSecOps

3 - Culture and Management

4 - Strategic Considerations

5 - General Security Considerations

6 - IAM: Identity & Access Management

7 - Application Security

8 - Operational Security

9 - Governance, Risk, Compliance (GRC) and Audit

10 - Logging, Monitoring and Response

11 - Course Review

12 - Exam Preparations

13 - Terminology List

Who is it For?

Target Audience

Prerequisites

DevSecOps Foundation (DevOps Institute)

Student Login

DevSecOps Foundation (DevOps Institute)

Learning Objectives

Course Details

Course Outline

1 - Course Introduction

2 - Why DevSecOps

3 - Culture and Management

4 - Strategic Considerations

5 - General Security Considerations

6 - IAM: Identity & Access Management

7 - Application Security

8 - Operational Security

9 - Governance, Risk, Compliance (GRC) and Audit

10 - Logging, Monitoring and Response

11 - Course Review

12 - Exam Preparations

13 - Terminology List

Who is it For?

Target Audience

Prerequisites

DevSecOps Foundation (DevOps Institute)