DevOps SecDevOps Foundation® (SDOF)
This SecDevOps Foundation® (SDOF) Certification Training course will help you prepare for and successfully attain the SecDevOps Foundation Certification.
Utbildningsmål
In this course, you will learn the following:
Målgrupp
This course is intended for security experts, software developers, and operations specialists who must work in collaborative teams and understand SecDevOps basics. Accordingly, the material proceeds quickly into applicable practices for achieving highly robust CI/CD/CC results. The goal is to know where you are now, where you want to be in the future, and how best to get there.
Förkunskaper
None.
Kursfakta
Typ | Öppen |
---|---|
Längd | 3 dagar |
Ditt pris | 20 930 kr exkl. moms |
Klippkort | Ja |
Planerad |
1 orter 2 tillfällen |
- Benefits, concepts, and vocabulary of SecDevOps and DevSecOps
- How SecDevOps and DevSecOps evolved from Agile
- Differences between DevOps practices and other cybersecurity approaches.
- Prepare for the DevOps Institute SecDevOps Foundation Certification (SDOF) with the world's first accredited SecDevOps certification course
- Trace the history and evolution of SecDevOps
- Integrate SecDevOps roles with a DevOps culture and organisation
- Receive official certification from the DevOps Institute (DOI)
- Continue learning and face new challenges with after-course one-on-one instructor coaching
Innehåll
Module 1: Agile/DevOps Foundation Review
- What is Agile/DevOps?
- DevOps Goals
- DevOps Values
- DevOps Stakeholders
Module 2: Why SecDevOps?
- Key terms and concepts
- Why SecDevOps is important
- 3 Ways to think about DevOps + Security
- Key principles of SecDevOps
- SecDevOps security-first philosophy
- SecDevOps evolution from DevSecOps
Module 3: Culture and Management
- Key terms and concepts
- How much security is enough?
- Threat modelling
- Context is everything
- High-velocity risk management
- Team security profiling
Module 4: General Security Considerations
- Avoiding the checkbox trap
- Basic security hygiene
- Architectural considerations
- Federated identity
- Log management
Module 5: Feature and Security Workflow
- Configuration management
- Centralised workflow
- Workflow branch classifications
- Pre- and post-commit
- Deployment and release orchestration
Module 6: Acquisition Lifecycle Security
- Needs Phase requirements vs. security
- Acquisition Review Board (ARB)
- Analyse/Select Phase measurement metrics
- Obtain phase life cycle
- Planning and scheduling
- Dispose phase concerns
Module 7: Identity and Access Management (IAM)
- Key terms and concepts
- Identity and Access Management (IAM) basic concepts
- Why IAM is important
- Implementation guidance
- Automation opportunities
- How to hurt yourself with IAM
Module 8: Application Security
- Application Security Testing (AST)
- Testing Techniques
- Prioritising Testing Techniques
- Issue Management Integration
- Threat Monitoring
- Leveraging Automation
- Secure coding and Open Web Application Security Project (OWASP) compliance
Module 9: Operational Security
- Key terms and concepts
- Basic security hygiene practices
- Role of operations management
- The Ops environment
- Embracing fail-early, fail-first
- Security infrastructure as code
Module 10: Cross-Team Security
- Key terms and concepts
- Establishing trust
- Promoting shared responsibility
- Team verification techniques
- Embedded point-of-contact
- Security, development, and operations sprints
Module 11: Roles and Responsibilities
- SecDevOps Coach
- Product Owner Expanded Responsibilities
- Programme and Project Manager
- Information System Security Officer (ISSO)
- SecDevOps Engineer
- Site Reliability Engineer
Module 12: Governance, Risk, Compliance (GRC) Audit
- Key terms and concepts
- What is GRC?
- Why care about GRC?
- Rethinking policies
- Policy as code
- Shifting audit left
- Three myths of segregation of duties vs. DevOps
Module 13: Logging, Monitoring, and Response
- Key terms and concepts
- Setting up log management
- Incident response and forensics
- Threat intelligence and information sharing
Module 14: Continual Improvement
- Retrospectives
- Continuous learning
- Open Collaboration (including security)
- Shared intelligence
Module 15: Review and Summary
- Exam review
- Key course concepts
- Next steps
Kursen levereras genom utbildningspartner: Learning Tree