Öppna kurser

DevSecOps Engineering (DSOE)

A DevSecOps Engineer is an IT Security professional who is skilled at security as code with the intent of making security and compliance consumable as a service. A DevSecOps Engineer uses data and security science as its primary means of protecting the organisation and customer.

This training addresses the purpose, benefits, concepts and vocabulary of DevSecOps, how DevOps security practises differ from other types of security approaches, and an overview of DevOps security strategies including business driven security scores.

Nyckelfunktioner:

  • Participate in unique activities designed to apply training
  • Take sample documents, templates, tools and techniques with you post-training
  • to DevOps Institute additional sources of information and communities
  • Exam is included to test for certification

Du kommer lära dig att:

  • Explain the purpose, benefits, concepts and vocabulary of DevSecOps
  • Differentiate DevOps security practises from other security approaches
  • Focus on Business-driven security strategies
  • Apply data and security sciences
  • Benefit from Security Testing with Red and Blue Teams
  • Integrate security into Continuous Delivery workflows
  • Integrate DevSecOps roles with a DevOps culture and organisation

Kursbeskrivning

  • DevOps Foundation Review
    • What is DevOps?
    • DevOps Goals
    • DevOps Values
    • DevOps Stakeholders
  • Why DevSecOps?
    • Key Terms and Concepts
    • Why DevSecOps is important
    • 3 Ways to Think About DevOps+Security
    • Key Principles of DevSecOps
  • Culture and Management
    • Key Terms and Concepts
    • Incentive Model
    • Resilience
    • Organisational Culture
    • Generativity
    • Erickson, Westrum, and LaLoux
  • Strategic Considerations
    • Key Terms and Concepts
    • How Much Security is Enough?
    • Threat Modelling
    • Context is Everything
    • Risk Management in a High-velocity World
  • General Security Considerations
    • Avoiding the Checkbox Trap
    • Basic Security Hygiene
    • Architectural Considerations
    • Federated Identity
    • Log Management
  • Identity & Access Management (IAM)
    • Key Terms and Concepts
    • IAM Basic Concepts
    • Why IAM is Important
    • Implementation Guidance
    • Automation Opportunities
    • How to Hurt Yourself with IAM
  • Application Security
    • Application Security Testing (AST)
    • Testing Techniques
    • Prioritising Testing Techniques
    • Issue Management Integration
    • Threat Modelling
    • Leveraging Automation
  • Operational Security
    • Key Terms and Concepts
    • Basic Security Hygiene Practises
    • Role of Operations Management
    • The Ops Environment

Exam/Certification Information

  • 40 multiple choice questions, closed book
  • 90 min, additional 15 minutes is granted to non-native English speakers
  • 65% pass
  • To maintain the value and integrity of the certification, all candidates are required to attend approved DOI classes through one of the DOI REPs (Registered Education Providers) to be eligible to sit the exam.