This course is ideal for anyone seeking a clear understanding of the benefits, concepts and vocabulary of DevSecOps and how it fits in with DevOps security practices and cultures. This often includes IT security professionals, managers, team leaders, application developers and DevSecOps engineers.
By the end of the course, students will also be fully prepared to sit and pass the DevSecOps Engineering examination. To ensure this, the course comes with a number of additional assets, including practice exams, quizzes, and even a FREE exam voucher for every student.
Why take this course?
DevSecOps incorporates security into the continuous delivery style of the DevOps methodology. It promotes 'security as code', with the intent to have security considerations and testing incorporated into the general development process. By regularly assessing code with security in mind, users can reduce the likelihood of flaws going unnoticed. This solution is also significantly faster than traditional end-of-project approaches. As a result, the DevSecOps solution can guarantee greater ROIs, as well as tighter protection for both practitioner organizations and their customers.
This course offers a firm grasp of the practices, benefits and vocabulary of DevSecOps. Students will learn how the specialized methodology fits into wider DevOps cultures, enabling them to bring major security benefits to their organizations.
Students will look at DevSecOps in the context of organizational transformation. The methodology iterates how incorporating security considerations into the entire code development lifecycle is essential for guaranteeing their effectiveness. This approach also promotes flexible and ongoing collaboration between security staff and other DevOps team members, encouraging shared responsibility that helps to ensure superior results.
Students who take this course will learn:
How the elements of DecSecOps differentiate it from other frameworks
How to create business-driven strategies for security
How DevSecOps integrates security into continuous assessment practices
How to utilize data and security sciences when attempting to understand or apply data
How to integrate DevSecOps into organizational cultures
How to add security measures into continuous delivery workflows
Everything needed to pass the official DevSecOps Engineering (DSOE) exam
Ivor Macfarlane - IT Service Management & DevOps Evangelist, Author & Trainer, Good e-Learning Ambassador
Good e-Learning’s DevOps courses completely cover the DOI syllabus and add valuable extras to ensure learning and understanding is as easy as possible. Perfect for applying the ideas and concepts in real-world situations!
This module presents the course structure and lesson plan. It also includes a DevOps refresher, which contains essential information covered in DevOps Foundation, putting students in an excellent frame of mind to start with DevSecOps Engineering.
This module also provides students with a toolkit:
Table of contents DevOps Foundation reference sheet DevSecOps reference sheet Skills self-audit form Glossary Build your own glossary Further resources Diagram pack
Lastly, students will be given a complete exam information guide and a list of further literature that will be useful throughout the course.
Module 1: An Introduction to DevSecOps Engineering
Module 1 answers the question: What is DevSecOps?
It also compares DevSecOps and DevOps, looks at the definition of the security framework and explains the 'why' and 'how'.
By the end of the module, students will be acquainted with the DevSecOps security mindset, along with its principles and concepts.
We will also provide students with an introduction to business transformation and the importance of scaling through automation.
Module 2: Culture and Management
Module 2 describes the importance of appropriate management, mindset and cultural change for bringing about a successful DevSecOps implementation.
In this module, students will learn about organizational types and culture, get insight into the incentive model and the advice process and, finally, learn how to improve team performance through some simple techniques.
We will also discuss the importance of resilience and developing a generative culture within organizations that seek to utilize DevSecOps.
Module 3: Strategic Considerations
This module will introduce students to key concepts that require strategic thinking and planning.
During this module, we’ll pay special attention to threat modeling, attack path, metric, context and risk management process.
Module 4: Security Considerations
This module outlines the key security considerations that must be followed by any DevSecOps engineer, with a specific focus on basic security hygiene.
We will talk about key security concepts, such as the checkbox trap, basic security hygiene, architecture, federated identity and log management.
Students will learn what these terms mean and discover their relevance to the overall security system.
Module 5: Identity and Access Management
This module discusses technical details involved in security practices that should be incorporated into any DevSecOps program.
Students will learn the key concepts surrounding IAM, as well as the main considerations for effective resource management.
Module 6: Application Security
Module 6 covers measures used to improve the security of an application and what a developer can do to test the application to ensure there are no vulnerabilities.
We will talk about application security concepts, practices and tools for testing and techniques.
Then, we will discuss software composition analysis and threat modeling. Students will also learn how to integrate new findings into daily work and how to implement security tools to established pipeline development processes.
Module 7: Operational Security
In this module, we will discuss some further practices used to increase security within the operations environment and how to scale DevSecOps practices across an enterprise.
We will talk about basic security hygiene, vulnerability and patch management, and the importance of pre-secured environments to the shift-left mindset.
We will also reinforce the necessity of cultural transformation, moving away from internal competition and siloed thinking in order to build cooperative teams.
Module 8: GRC and Audit
This module explains the importance of governance, risk management and compliance, as well as their related security principles and concepts.
We’ll discuss what GRC means in a DevOps context and the reason why we should implement the shift left mindset to audit and compliance.
Students will also gain an insight into policy as a code, and together we’ll debunk some myths about separation of duties.
By the end of this module, students will be able to describe the key concepts that underline GRC and audit in DevSecOps and demonstrate an understanding of how to apply in practice the main GRC considerations.
Module 9: Logging, Monitoring and Response
Module 9 outlines processes and approaches to log management, incident response and threat intelligence.
We will explore the benefits of log management and possible approaches to incident response. We will also go through the concepts of threat intelligence integration and info sharing.
Practice Exam Simulators and Course Wrap-up
This module presents two practice exams. The first one was developed by the DevOps Institute, while the second has been tailored by our team of experts at Good e-Learning.
When you feel you are ready to sit the exam, simply contact Good e-Learning to request your FREE exam voucher.
Exams / Assessments
This course is designed to fully prepare students to sit the official DevSecOps Engineering (DSOE) examination.
This course comes with mock exams to help students prepare for the real thing, a FREE exam voucher, and is eligible for exam pledge (a free resit on us!) - That's how confident we are that you'll pass first time!
Before booking your exam, it will be a good idea to make sure that your device meets the technical requirements. You can do so via this online test. This test will examine the suitability of your webcam, microphone and internet connection. Please visit the PeopleCert website for more information and guidance.
What you need to know about the exam:
This is a multiple choice exam consisting of 40 questions
There is a time limit of 90 minutes to complete the exam
The exam is closed book, with only the provided materials being permitted for use
The pass mark for the exam is 65%: you must get 26 out of 40 questions correct
Students who do not have English as a native language will be given an additional 25 minutes
Candidates can take the exam online or in person with an invigilator
Looking for a team or site-license? Classroom or blended training? Complete the short form below and a member of our team will be in touch!
Exam Pledge from Good e-Learning
At Good e-Learning, we're dedicated to ensuring success. That's why we offer Exam Pledge which entitles students to a free exam retake on any eligible course (see full list).
What is the format of my exam resit?
Resits are taken online via remote proctor. For more information about online exams, please visit our Support and FAQ pages.
How do I get my free 2nd exam voucher?
As long as you have purchased a Good e-Learning course that is eligible for Exam Pledge and adhere to the conditions listed below, you will be able to request a free resit. If you fail your first exam, simply contact our support team to claim your retake voucher.
Exam pledge conditions
As long as you have completed the course in full and have scored at least 80% on the exam simulator, you will be eligible for Exam Pledge. Proof of date for the first exam failure must be provided and the resit must be booked within 3 months of the failed first exam. Exam Pledge is only available for courses purchased on or after 01/10/2019 and cannot be used for anyone sitting an exam for the third time. The course must be purchased directly through www.goodelearning.com and must have a valid order number. Please see full terms here.