DevSecOps Foundation

*Previously known as DevSecOps Engineering

Learn the purpose, benefits, concepts, and vocabulary of DevSecOps including DevOps security strategies and business benefits.

Beginning with software development, and continuing into production, security is everyone’s responsibility.

“Shift left” principles are adopted at the very beginning of a project, to find and correct software defects, as early as possible in the software delivery lifecycle.

As companies deploy code faster and more often than ever, new vulnerabilities are also accelerating. DevOps practices add business and security value as an integral, strategic component. Delivering development, security and operations at the speed of business should be an essential component for any modern enterprise.

This course explains the purpose, benefits, concepts, vocabulary and applications of DevSecOps. Most importantly, attendees learn how DevSecOps roles fit within a DevOps culture and organisation. By the end of the course participants will understand “security as code” to make security and compliance value consumable as a service.

The DevSecOps course covers the steps to integrate security programs from developers and operators through the business C-level. Every stakeholder plays a part and the learning material highlights how professionals can use these tools as the primary means of protecting the organisation and customer through multiple case studies, video presentations, discussion options, and exercise material to maximise learning value. These real-life scenarios create tangible takeaways participants can leverage upon their return to the office.

The course positions learners to pass the DevSecOps Foundation exam from the DevOps Institute.

Learning outcomes

The learning objectives include a practical understanding of:

• The purpose, benefits, concepts, and vocabulary of DevSecOps
• How DevOps security practices differ from other security approaches
• Business-driven security strategies and Best Practices
• Understanding and applying data and security sciences
• Integrating corporate stakeholders into DevSecOps practices
• Enhancing communication between Dev, Sec, and Ops teams
• How DevSecOps roles fit with a DevOps culture and organisation

View the DevSecOps BLUEPRINT

Who should attend

The target audience for the DevSecOps Foundation course are professionals who are seeking an understanding of DevSecOps practices:

• Anyone involved or interested in learning about DevSecOps strategies and automation
• Anyone involved in Continuous Delivery toolchain architectures
• Compliance Team
• Business managers
• Delivery Staff
• DevOps Engineers
• IT Managers
• IT Security Professionals, Practitioners, and Managers
• Maintenance and support staff
• Managed Service Providers
• Project & Product Managers
• Quality Assurance Teams
• Release Managers
• Scrum Masters
• Site Reliability Engineers
• Software Engineers
• Testers

Course contents

1. Realising DevSecOps Outcomes

• Origins of DevOps
• Evolution of DevSecOps
• Other Frameworks
• CALMS
• The Three Ways

2. Defining the Cyber Threat Landscape

• What is the Cyber Threat Landscape?
• What is the threat?
• What do we protect from?
• What do we protect, and why?
• How do I talk to security?

3. Building a Responsive DevSecOps Model

• DevSecOps Model with components
• Technical, business and human toll outcomes
• What’s being measured?
• Gating and thresholding
• Incremental improvements

4. Integrating DevSecOps Stakeholders

• The DevSecOps State of Mind
• What “good” culture looks like
• The DevSecOps Stakeholders
• What’s at stake for who?
• People, process, technology and governance

5. Establishing DevSecOps Practices

• Start where you are
• Integrating people, process, technology and governance
• Continuous Security for DevSecOps
• Onboarding process for stakeholders
• Practices and outcomes
• Data driven decision making and response

6. Best Practices to Get Started

• Identifying target state
• Value stream-thinking
• Flow
• Feedback
• Learning

7. DevOps Pipelines and Continuous Compliance

• The goal of a DevOps pipeline
• Why continuous compliance is important
• Archetypes and reference architectures
• Coordinating DevOps Pipeline construction
• DevSecOps tool categories, types and examples

8. Learning Using Outcomes

• Security Training Options
• Training as Policy
• Experiential Learning
• Cross-Skilling
• The DevSecOps Collective Body of Knowledge
• Preparing for the DevSecOps Foundation certification exam
• Next Steps

Course fees

DevSecOps Foundation

$ 1950 + gst per person

Fees include:

• Course presentation
• Course workbook
• DevSecOps Foundation Exam Voucher – 90 Day Validity

Pre-Requisites

There are no formal pre-requisites to attend the DevSecOps Foundation Course. It is helpful though, if participants have a baseline knowledge and understanding of common DevOps definitions and principles such as is covered in the DevOps Foundation course.

DevSecOps Foundation Certificate Exam

Once you’ve completed your training, you can gain a globally recognised certification with the DevSecOps Foundation Exam.  An exam voucher is provided after the training course. The exam is online and web-based, so you can take it any place, any time. Note: The exam voucher has a 90 Day Validity period.

The exam details are as follows:

• 60 minutes
• 40 multiple choice questions
• Pass mark of 65% (26 out of 40)
• Open book
• Web-based (single-browser)

Successfully passing the examination leads to the candidate receiving a DevSecOps Foundation Certification (DSOF). The certification is governed and maintained by the DevOps Institute.