SecDevOps Foundation (SDOF) Certification

SecDevOps is an initiative to put cybersecurity first within the security, development, and operations teams, which requires change management across the System Engineering Life Cycle (SELC). This DOI-certified course addresses the benefits, concepts, and vocabulary of SecDevOps and DevSecOps, explains how they evolved from Agile practices, and highlights the differences between DevOps practices and other types of security approaches.

Key Features of this SecDevOps Foundation Training:

  • Prepare for the DevOps Institute SecDevOps Foundation Certification with the world's first accredited SecDevOps certification course
  • After-course instructor coaching benefit
  • Certification from DevOps Institute

Who Should Attend this Course

Software Developers/Testers, Release Managers, Automation Architects, XA Professionals, Security Engineers, System Administrators.

How is this course different from DevSecOps?

SecDevOps is an initiative to put cybersecurity first, along with extensions that aim to ensure optimum security throughout all phases of the software life cycle, within the cybersecurity, development, and operations teams.

Learning Objectives

  • Explain the purpose, benefits, concepts and vocabulary of SecDevOps.
  • Differentiate DevOps security practices from other security approaches.
  • Trace the history and evolution of SecDevOps.
  • Focus on Business-driven security strategies.
  • Apply data and security science techniques.
  • Benefit from Security Testing with Red and Blue Teams.
  • Integrate security into Continuous Integration and Delivery workflows.
  • Integrate SecDevOps roles with a DevOps culture and organisation.

Course Content

Agile/DevOps Foundation Review

  • What is Agile/DevOps?
  • DevOps Goals
  • DevOps Values
  • DevOps Stakeholders

Why SecDevOps?

  • Key Terms and Concepts.
  • Why SecDevOps is important.
  • 3 Ways to Think About DevOps + Security.
  • Key Principles of SecDevOps
  • SecDevOps security-first philosophy.
  • SecDevOps evolution from DevSecOps.

Culture and Management

  • Key Terms and Concepts
  • Incentive Model
  • Resilience
  • Organisational Culture
  • Generativity
  • Erickson, Westrum, and Laloux

Strategic Considerations

  • Key Terms and Concepts.
  • How Much Security is Enough?
  • Threat Modelling.
  • Context is Everything.
  • Risk Management in a High-velocity World.
  • Team Security Profiling

General Security Considerations

  • Avoiding the Checkbox Trap
  • Basic Security Hygiene
  • Architectural Considerations
  • Federated Identity
  • Log Management

Feature and Security Workflow

  • Configuration Management
  • Centralised Workflow
  • Workflow Branch Classifications
  • Pre and post commit
  • Deployment and Release Orchestration

Acquisition Lifecycle Security

  • Needs Phase requirements vs. security.
  • Acquisition Review Board (ARB)
  • Analyze/Select Phase measurement metrics.
  • Obtain Phase Life Cycle
  • Planning and Scheduling
  • Dispose Phase Concerns

Identity and Access Management (IAM)

  • Key Terms and Concepts
  • IAM Basic Concepts
  • Why IAM is Important
  • Implementation Guidance
  • Automation Opportunities
  • How to Hurt Yourself with IAM

Application Security

  • Application Security Testing (AST)
  • Testing Techniques
  • Prioritising Testing Techniques
  • Issue Management Integration
  • Threat Monitoring
  • Leveraging Automation
  • Secure Coding and OWASP compliance

Operational Security

  • Key Terms and Concepts
  • Basic Security Hygiene Practices
  • Role of Operations Management
  • The Ops Environment
  • Embracing Fail-Early, Fail-First
  • Security infrastructure as code

Cross-Team Security

  • Key Terms and Concepts
  • Establishing Trust
  • Promoting Shared Responsibility
  • Team Verification Techniques
  • Embedded Point-of-Contact
  • Security, Development and Operations Sprints

Roles and Responsibilities

  • SecDevOps Coach
  • Product Owner Expanded Responsibilities
  • Program and Project Manager
  • Information System Security Officer (ISSO)
  • SecDevOps Engineer
  • Site Reliability Engineer

Governance, Risk, Compliance (GRC) Audit

  • Key Terms and Concepts
  • What is GRC?
  • Why Care About GRC?
  • Rethinking Policies
  • Policy as Code
  • Shifting Audit Left
  • 3 Myths of Segregation of Duties vs. DevOps

Logging, Monitoring and Response

  • Key Terms and Concepts
  • Setting Up Log Management
  • Incident Response and Forensics
  • Threat Intelligence and Information Sharing

Continual Improvement

  • Retrospectives
  • Continuous Learning
  • Open Collaboration (including security)
  • Shared intelligence

Review and Summary

  • Exam Review
  • Key course concepts
  • Next steps

Exams & Certification

  • The exam is taken in-class and is included in the course tuition fee.
  • The exam is open book and is 60 minutes in duration.
  • It is highly recommended that candidates attend the SecDevOps Foundation course with a DevOps Institute accredited Education Partner to prepare for the certification exam.
  • Exam administered through DOI leading to Certification.
