Interop is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

November 10 | 10:00 am - 6:00 pm EST | 8 Hours

Learn the purpose, benefits, concepts, and vocabulary of DevSecOps including DevOps security strategies and business benefits.

This one-day virtual instructor-led training, presented by DevOps Institute, will allow attendees to earn the DevSecOps Foundation℠ Certification following the course. This course explains how DevOps security practices differ from other security approaches and provides the education needed to understand and apply data and security sciences. Participants learn the purpose, benefits, concepts, and vocabulary of DevSecOps and will be engaged through the use of whiteboards for interactive diagrams and discussion, polling questions throughout, breakout activities and more. Attendees will be able to download their digital course materials beforehand including valuable post-training reference materials such as a list of value-added resources, DevOps glossary, sample exams and exam requirements document. Following the course, attendees will receive an exam voucher to take the DevSecOps Foundation℠ certification exam.

Overview

As companies deploy code faster and more often than ever, new vulnerabilities are also accelerating. When the boss says, "Do more with less", DevOps practices adds business and security value as an integral, strategic component. Delivering development, security, and operations at the speed of business should be an essential component for any modern enterprise.

Course topics covered include how DevSecOps provides business value, enhancing your business opportunities and improving corporate value. The core DevSecOps principles taught can support an organizational transformation, increase productivity, reduce risk, and optimize resource usage.

This course explains how DevOps security practices differ from other approaches then delivers the education needed to apply changes to your organization. Participants learn the purpose, benefits, concepts, vocabulary, and applications of DevSecOps. Most importantly, students learn how DevSecOps roles fit with a DevOps culture and organization. At the course's end, participants will understand "security as code" to make security and compliance value consumable as a service.

This course positions learners to pass the DevSecOps Foundation exam. Learners will receive a voucher for a web-based exam which can be taken at their convenience.

What You'll Learn

The learning objectives include a practical understanding of:

  • The purpose, benefits, concepts, and vocabulary of DevSecOps
  • How DevOps security practices differ from other security approaches
  • Business-driven security strategies and Best Practices
  • Understanding and applying data and security sciences
  • Integrating corporate stakeholders into DevSecOps Practices
  • Enhancing communication between Dev, Sec, and Ops teams
  • How DevSecOps roles fit with a DevOps culture and organization

Who Should Attend

The target audience for the DevSecOps Foundation course are professionals including:

  • Anyone involved or interested in learning about DevSecOps strategies and automation
  • Anyone involved in Continuous Delivery toolchain architectures
  • Compliance Team
  • Business managers
  • Delivery Staff
  • DevOps Engineers
  • IT Managers
  • IT Security Professionals, Practitioners, and Managers
  • Maintenance and support staff
  • Managed Service Providers
  • Project & Product Managers
  • Quality Assurance Teams
  • Release Managers
  • Scrum Masters
  • Site Reliability Engineers
  • Software Engineers
  • Testers

Learner Materials

  • Eight (8) hours of virtual instructor-led training and facilitation
  • Digital Learner Manual
  • Digital post-class reference materials including:
    • Value Added Resources (includes additional sources of reference materials such as videos, industry reports, blogs, articles, websites, case stories and books)
    • DevOps Glossary
    • Exam Requirements document
    • Sample Exam
  • Access to additional sources of information and communities
  • Exam voucher for DevSecOps Foundation℠ certification exam

Prerequisites

An understanding and knowledge of common DevOps terminology and concepts and related work experience are recommended.

Certification Exam

Successfully passing (65%) the 60-minute examination, consisting of 40 multiple-choice questions, leads to the DevSecOps Foundation℠ certificate. The certification is governed and maintained by DevOps Institute.

Course Outline

  • Realizing DevSecOps Outcomes
    • Origins of DevOps
    • Evolution of DevSecOps
    • CALMS
    • The Three Ways

  • Defining the Cyberthreat Landscape
    • What is the Cyber Threat Landscape?
    • What is the threat?
    • What do we protect from?
    • What do we protect, and why?
    • How do I talk to security?

  • Building a Responsive DevSecOps Model
    • Demonstrate Model
    • Technical, business and human outcomes
    • What’s being measured?
    • Gating and thresholding

  • Integrating DevSecOps Stakeholders
    • The DevSecOps State of Mind
    • The DevSecOps Stakeholders
    • What’s at stake for who?
    • Participating in the DevSecOps model

  • Establishing DevSecOps Best Practices
    • Start where you are
    • Integrating people, process and technology and governance
    • DevSecOps operating model
    • Communication practices and boundaries
    • Focusing on outcomes

  • Best Practices to get Started
    • Value stream-centric thinking
    • The Three Ways
    • Identifying target states

  • DevOps Pipelines and Continuous Compliance
    • The goal of a DevOps pipeline
    • Why continuous compliance is important
    • Archetypes and reference architectures
    • Coordinating DevOps Pipeline construction
    • DevSecOps tool categories, types and examples

  • Learning Using Outcomes
    • Security Training Options
    • Training as Policy
    • Experiential Learning
    • Cross-Skilling
    • The DevSecOps Collective Body of Knowledge
    • Preparing for the DevSecOps Foundation certification exam