Introduction to DevSecOps Overview
DevSecOps (Development, Security, and Operations) is an approach to culture, automation, and platform design that integrates security as a shared responsibility throughout the entire Software Development Life Cycle (SDLC). This DevSecOps Fundamentals training course teaches attendees how to prioritize security and compliance in their workflows.
Location and Pricing
Accelebrate offers instructor-led enterprise training for groups of 3 or more online or at your site. Most Accelebrate classes can be flexibly scheduled for your group, including delivery in half-day segments across a week or set of weeks. To receive a customized proposal and price quote for private corporate training on-site or online, please contact us.
In addition, some courses are available as live, instructor-led training from one of our partners.
Objectives
- Have a thorough understanding of DevSecOps
- Implement a process where products and services have safety and security incorporated into the architecture
- Architect DevSecOps strategies and automation
Prerequisites
All participants must have attended DevOps Fundamentals or have comparable experience implementing basic DevOps principles.
Outline
Expand All | Collapse All
Introduction
DevSecOps Origin and Evolution
- DevOps beginnings
- DevSecOps values and manifestos
- CALMS and SaC (security as code)
- DevSecOps and the Three Ways
- DevSecOps outcomes
The Security- and Cyber-Threat Landscape
- Cyber Thread Industrial Landscape
- Threat definition
- Source of threats
- Outcomes and results
- Threat (type) models
- MITRE ATT and CK
- Who/what do we protect from?
- Published common flaws
- OWASP top ten
- EU agency cybersecurity rankings
- Threat actors and agents
- What do we protect?
- protection metrics
- continuous compliance
Building a DevSecOps Model
- Responsiveness
- KPI(s): Key Performance Indicators
- Redesigning change management
- DevSecOps maturity and implementation model
- Resilience through responsiveness
- Building a (compliant) model
- Outcomes
DevSecOps Safety Culture
- DevSecOps "state of mind" and practices
- The Trust Algorithm
- Definition of a safety culture
- Westrum and Laloux typologies
- DevSecOps stakeholders
- Governance
DevSecOps Best Practices
- Current assessment
- Continuous security map/definition
- Security in the DevOps flow
- Practices and (shift security left) outcomes
- Security and the CI/CD pipeline
- Cloud and container security
- The target state
- Artifact, risk, identity, access, and secrets management
- Perils of a DevOps pipeline
- Building a secure DevOps pipeline
- SAST / DAST / IAST / RASP tools
- Continuous compliance
- SIEM (security information and event management)
Learning DevSecOps
- The Third Way (continuous experimentation and learning)
- Security training (as policy)
- DevSecOps Dojos
- Security Chaos Engineering and gamification
- Learning through experiences, innovation, retrospectives
- Continuous learning forever
Conclusion
Training Materials
All DevSecOps training attendees receive comprehensive courseware.
Software Requirements
Attendees will not need to install any software on their computer for this class. The class will be conducted in a remote environment that Accelebrate will provide; students will only need a local computer with a web browser and a stable Internet connection. Any recent version of Microsoft Edge, Mozilla Firefox, or Google Chrome will work well.
