DevSecOps Foundation (DSOF)

Introduction

Learn the purpose, benefits, concepts, and vocabulary of DevSecOps including  DevOps security strategies and business benefits.  

As companies deploy code faster and more frequently than ever, new vulnerabilities also accelerate. When the boss says, “Do more with less,” DevOps practices add business and security value as an integral strategic component. Delivering development, security, and operations at the speed of business should be an essential component for any modern business.

This course covers how DevSecOps provides business value, enhances your business opportunities, and improves corporate value. The core principles of DevSecOps can support an organizational transformation, increase productivity, reduce risk, and optimize use of resources.

The course explains how DevOps security practices differ from other approaches and provides the training you need to apply the changes to your organization. Participants learn the purpose, benefits, concepts, vocabulary, and applications of DevSecOps. Most importantly, students learn how DevSecOps roles fit within a DevOps culture and organization. Most importantly, students learn how DevSecOps roles fit with a DevOps culture and organization. By the end of the course, participants will understand “security as code” to make security and compliance value consumable as a service.

No course would be complete without a practical application and this course teaches the steps to integrate security programs from the developers and operators through the C-suite (CEO, CTO, CIO,…). Each stakeholder plays a role and the learning material highlights how professionals can use these tools as the primary means to protect the organization and the customer through multiple real-life case studies, videos, discussions, and exercises to maximize the value of learning. These real-life scenarios create tangible conclusions that participants can draw upon upon returning to work.

Attending the class prepares individuals to take the exam and earn the DevSecOps Foundation (DSOF) certification. See the certification blueprint.

Objectives

At the end of this course students will have a practical understanding of:

• DevSecOps purpose, benefits, concepts, and vocabulary
• How DevOps security practices differ from other security approaches
• Business Driven Security Strategies and Best Practices
• Understand and apply data and security science
• Integrate business stakeholders into DevSecOps practices
• Improve communication between Dev, Sec and Ops teams
• How DevSecOps Roles Fit Into a DevOps Culture and Organization

Student Profile

This course is designed for professionals including:

• Anyone just starting out in DevSecOps and automation strategies
• Anyone interested in Continuous Delivery tool architectures
• Compliance teams
• Business managers
• Delivery team
• DevOps Engineers
• IT managers
• IT security professionals
• Maintenance and support team
• Service providers
• Project and product managers
• Quality assurance (QA) teams
• Packaging managers (Release)
• Scrum Masters
• Site Reliability Engineers
• Software engineers
• Testers

Prerequisites

There are no prerequisites to attend this course, but students should have an understanding and knowledge of common DevOps terminology and concepts and related work experience.

Course Materials

Each student will receive a copy of the course documentation prepared by DevOps Institute.

Methodology

Engaging and interactive course. Our instructors teach all course materials using the demonstrative method; the participants learn new concepts through exercises and real application practices.

Certification

At the end of the training session, students will be able to obtain the DevOps Institute DSOF certification by successfully passing the DevSecOps Foundation exam. Get the exam details.

Additionally, students will earn 16 credit hours for their attendance.

Accreditation

A certificate of attendance will be issued to students who attend the course for at least 75% of the duration.

Course Outline

1. Compliance with DevSecOps outcomes
   • DevOps origins
   • DevSecOps Evolution
   • CALMS
   • The three ways – Three Ways
2. Define the cyber threat landscape
   • What is a cyber threat landscpae?
   • What is a threat?
   • What do we protect ourselves from?
   • What do we protect and why?
   • How do we speak to security?
3. Build a responsive DevSecOps model
   • Demonstrate the model
   • Technical, business and human outcomes
   • What are we measuring?
   • Doors and thresholds
4. Integrate DevSecOps stakeholders
   • DevSecOps State of Mind
   • DevSecOps Stakeholders
   • What is at stake and for whom?
   • Participate in the DevSecOps model
5. Establish DevSecOps Best Practices
   • Start where you are
   • Integrate people, processes, technology and government
   • DevSecOps operating model
   • Communication practices and limits
   • Focus on outcomes
6. Best practices to get started
   • The three ways – Three Ways
   • Identify target states
   • Value Stream-centric thinking
7. Pipelines DevSecOps and Ongoing Compliance (Compliance)
   • Purpose of a DevOps pipeline
   • Why compliance is important
   • Archetypes and reference architectures
   • Coordinate the construction of a DevOps pipeline
   • DevSecOps Tool Categories, Types, and Examples
8. Learning using outcomes
   • Security training options
   • Formation as politics
   • Experiential learning
   • Cross-Skilling
   • The DevSecOps Collective Body of Knowledge