DevSecOps Engineering (DSOE)℠

Learn how DevOps security practices differ from other security approaches and gain the knowledge needed to understand and apply data and security sciences on this two DevSecOps Engineering course.
product
2 day course
Supporting material
Private
Private
A private training session for your team. Groups can be of any size, at a location of your choice including our training centres.

DevOps has shown immense value to businesses seeking efficiency and speed to market. This course shows how DevSecOps provides the business value of DevOps, increasing productivity, reducing risk, and optimising cost in the organisation.

Learn the purpose, benefits, concepts, and vocabulary of DevSecOps; particularly how DevSecOps roles fit with a DevOps culture and organisation. At the end of this course, you will understand using “security as code” with the intent of making security and compliance consumable as a service.

Using real-life scenarios and case studies, the course looks at how to integrate security programs into DevOps practices and highlights how professionals can use data and security science as the primary means of protecting the organisation and customer.

This course positions learners to successfully complete the DevSecOps Engineering exam.

Our DevSecOps Engineering (DSOE) course is offered as a private training session and will be run over two consecutive days. It can be delivered at our own training centre in The Shard, London or any location of your choice.

Course overview
Who should attend:
Anyone involved in DevSecOps strategies and automation including Compliance Team, Delivery Staff, DevOps Engineers, IT Managers, IT Security Professionals, Maintenance and support staff, Project & Product Managers, Quality Assurance Teams, Release Managers, Scrum Masters, Software Engineers and Testers.
Walk away with the ability to:

Demonstrate a practical understanding of:

  • The purpose, benefits, concepts, and vocabulary of DevSecOps
  • How DevOps security practices differ from other security approaches
  • Business-driven security strategies
  • Applying data and security sciences
  • The use and benefits of Red and Blue Teams
  • Integrating security into Continuous Delivery workflows
  • How DevSecOps roles fit with a DevOps culture and organisation
Prerequisites
Attendees should have a good understanding of DevOps principles and how they are implemented.
Course agenda
Course Introduction
  • Course Goals
  • Course Agenda
  • Exercise: Diagramming your CI/CD Pipeline
Module 1: Why DevSecOps?
  • Key Terms and Concepts
  • Why DevSecOps is important
  • 3 Ways to think about DevOps+Security
  • Key Principles of DevSecOps
Module 2: Culture and Management
  • Key Terms and Concepts
  • Incentive Model
  • Resilience
  • Organisational Culture
  • Generativity
  • Erickson, Westrum, and LaLoux
  • Exercise: Influencing Culture
Module 3: Strategic Considerations
  • Key Terms and Concepts
  • How much Security is enough?
  • Threat Modelling
  • Context is everything
  • Risk Management in a High-velocity World
  • Exercise: Measuring for Success
Module 4: General Security Considerations
  • Avoiding the Checkbox Trap
  • Basic Security Hygiene
  • Architectural Considerations
  • Federated Identity
  • Log Management
Module 5: IAM: Identity & Access Management
  • Key Terms and Concepts
  • IAM Basic Concepts
  • Why IAM is Important
  • Implementation Guidance
  • Automation Opportunities
  • How to hurt yourself with IAM
  • Exercise: Overcoming IAM Challenges
Module 6: Application Security
  • Application Security Testing (AST)
  • Testing Techniques
  • Prioritising Testing Techniques
  • Issue Management Integration
  • Threat Modelling
  • Leveraging Automation
Module 7: Operational Security
  • Key Terms and Concepts
  • Basic Security Hygiene Practices
  • Role of Operations Management
  • The Ops Environment
  • Exercise: Adding Security to your CI/CD Pipeline
Module 8: Governance, Risk, Compliance (GRC) and Audit
  • Key Terms and Concepts
  • What is GRC?
  • Why care about GRC?
  • Rethinking Policies
  • Policy as Code
  • Shifting Audit Left
  • 3 Myths of Segregation of Duties vs. DevOps
  • Exercise: Making Policies, Audit and Compliance Work with DevOps
Module 9: Logging, Monitoring, and Response
  • Key Terms and Concepts
  • Setting Up Log Management
  • Incident Response and Forensics
  • Threat Intelligence and Information Sharing
Book this course
Call our sales team today
close
Don't miss out
Keep up to date with news, views and offers from Jellyfish Training.
Your data will be handled in accordance with our Privacy Policy
Related news
& insights
BROWSE ALL ARTICLES
Cloud Guides
10 Oct, 2019
Cloud computing is an everyday part of most modern businesses - even if you don’t realise it. In this guide, we’ll answer frequently asked questions to help you understand how the technology can b...
Cloud Guides
15 Oct, 2019
Cloud computing can help businesses of all scales. It can enable you to streamline processes, improve flexibility, increase security, and so much more....
Cloud Guides
15 Nov, 2019
Did you know that there is more than one type of cloud computing? In this guide, we’ll help you make sense of the different types and the various cloud services that are available....
Cloud Guides
31 Dec, 2019
Want to leverage cloud technology for your business, but unsure which provider to choose? Read on to discover what options are available, their features and benefits, and how they compare with each ot...