Building a DevSecOps Practice (AA-DevSecOps)


Course Description

DevSecOps is a branch of DevOps that focuses on automating Security and integrating it into the process, such as Continuous Delivery, Infrastructure-as-Code (IaC), and observability.

DevSecOps speeds the delivery of safer code, but it also helps developers get early feedback on their work, producing more reliable software.

This course examines integrating DevSecOps practices into the software delivery pipeline using open-source tools. This course is for software developers, site reliability engineers, and DevOps workers who want to write more secure code in a shorter amount of time.

Course Outline

  1. DevSecOps in a Nutshell
    • SecDevOps in a Nutshell Or DevOps Security in a Nutshell.
    • A Very Brief Introduction to DevOps and Security
    • DevSecOps, SecDevOps, DevOps Security Defined
    • Activity Major DevSecOps Players: Regulators, Stakeholders, Developers, Operations, IT Security, Auditors, Leadership
    • Shifting DevOps Security "Left" (like other agile practices)
    • Continuous Security, implied Security, explicit Security
    • Points of Contention between traditional Security Teams (InfoSec) and DevSecOps Teams
  2. DevSecOps in Practice
    • App Security Basics: authorization and access, auditing and logging, confidentiality or privacy, system, and data integrity.
    • Focus on data: platform data, database data, application data
    • Identity management for Dummies: IAM, permissions, and management
    • Mindset shift to DevSecOps: shift left
  3. Living with DevSecOps
    • DevSecOps Testing and Monitoring
    • Artificial Intelligence and DevSecOps
    • Major DevSecOps Vendors and Solutions

Course Objectives

  • Examine Agile methodologies are driving the new DevSecOps field
  • Understand what "Shift Left" means relative to DevSecOps
  • Identify the leading "players" in a DevSecOps practice and learn why the leading players might have differing and complementary) agendas.
  • Compare and contrast different types of Security such as implied, explicit, and continuous
  • Examine differing points of contention between traditional Security and IT forensic teams and more modern and progressive DevSecOps Teams
  • Learn about different work strategies, focusing on getting disparate DevOps and security teams and their respective stakeholders "on the same page."
  • Learn about Cloud-Native Security, and different cloud deployment security considerations
  • Examine ways of securing applications and building secure systems
  • Demonstrate how to secure build systems
  • Identify vulnerability patterns in various modern cloud deployment strategies
  • Analyze and plan for all phases of security planning from concept through project maintenance and retirement
  • Develop and execute a DevSecOps security plan
  • Design, plan and use DevSecOps monitoring and logging.
  • Understand how Artificial Intelligence is impacting IT Security and DevSecOps
  • Identify DevSecOps vendors, providers, and tools

Course Prerequisites

  • A working understanding of industry-standard DevOps practices. A learner attending this course should be familiar with the basic tenets of agile and modern IT development and deployment methodologies. While not necessarily an expert in these concepts, learners should be comfortable with their principles. Also, a learner should have a keen and curious ambition about IT security. Security professionals attending the course may or may not have a DevOps background.

Course Information

Length: 3 day

Format: Lecture

Delivery Method: n/a

Max. Capacity: 16



Schedule

Contact Us

UPCOMING COURSES
Date
Geography & Location
Days
Cost
CLC
GTR
Nov 25, 2024 - 3 day(s)
Nov 25, 2024
AMER
Remote-EST
AMER, Remote-EST
3
$2770 USD
$2770 USD
Feb 05, 2025 - 3 day(s)
Feb 05, 2025
AMER
Remote-EST
AMER, Remote-EST
3
$2770 USD
$2770 USD

Do you have more questions? We're delighted to assist you!

1-877-797-2799
info@firefly.cloud

Who Should Attend

  • Software developers
  • Site reliability engineers
  • DevOps workers