Course description:

With the rising number of data breaches and increased emphasis on data privacy regulations, organizations need to prioritize security and compliance measures into everyday workflows.

The 2-day DevSecOps Foundation Training, accredited by the DevOps Institute, covers how DevSecOps provides business value, enhancing your business opportunities, and improving corporate value. The core DevSecOps principles taught can support an organizational transformation, increase productivity, reduce risk, and optimize resource usage.

This course explains how DevOps security practices differ from other approaches then delivers the education needed to apply changes to your organization. Participants learn the purpose, benefits, concepts, vocabulary and applications of DevSecOps. Most importantly, students learn how DevSecOps roles fit with a DevOps culture and organization. At the course’s end, participants will understand “security as code” to make security and compliance value consumable as a service.

This course positions learners to pass the DevSecOps Foundation exam. Learners will receive a voucher for a web-based exam which can be taken at their convenience.

Benefits:

The learning objectives of DevSecOps Foundation course include a practical understanding of:

• The purpose, benefits, concepts, and vocabulary of DevSecOps
• How DevOps security practices differ from other security approaches
• Business-driven security strategies and Best Practices
• Understanding and applying data and security sciences
• Integrating corporate stakeholders into DevSecOps Practices
• Enhancing communication between Dev, Sec, and Ops teams
• How DevSecOps roles fit with a DevOps culture and organization.

Target audience:

The target audience for the DevSecOps Foundation course are professionals including:

• Anyone involved or interested in learning about DevSecOps strategies and automation
• Anyone involved in Continuous Delivery toolchain architectures
• Compliance Team; Business managers; Delivery Staff; DevOps Engineers; IT Managers; IT Security Professionals, Practitioners, and Managers; Maintenance and support staff; Managed Service Providers; Project & Product Managers; Quality Assurance Teams; Release Managers; Scrum Masters; Site Reliability Engineers; Software Engineers; Testers.

Prerequisites:

None. Participants should have baseline knowledge and understanding of common DevOps definitions and principles.

Day 1:

• DevSecOps Foundation course introduction
• Realizing DevSecOps Outcomes (Origins of DevOps; Evolution of DevSecOps; CALMS; The Three Ways)
• Defining the Cyberthreat Landscape (What is the Cyber Threat Landscape? What is the threat? What do we protect from? What do we protect, and why? How do I talk to security?)
• Building a Responsive DevSecOps Model (Demonstrate Model; Technical, business and human outcomes ; What’s being measured? Gating and thresholding)
• Integrating DevSecOps Stakeholders (The DevSecOps State of Mind; The DevSecOps Stakeholders; What’s at stake for who? Participating in the DevSecOps model)

Day 2:

• Establishing DevSecOps Best Practices (Start where you are; Integrating people, process and technology and governance; DevSecOps operating model; Communication practices and boundaries; Focusing on outcomes)
• Best Practices to get Started (The Three Ways; Identifying target states; Value stream-centric thinking)
• DevOps Pipelines and Continuous Compliance (The goal of a DevOps pipeline; Why continuous compliance is important; Archetypes and reference architectures; Coordinating DevOps Pipeline construction; DevSecOps tool categories, types and examples)
• Learning Using Outcomes (Security Training Options; Training as Policy; Experiential Learning; Cross-Skilling)
• The DevSecOps Collective Body of Knowledge
• Course review
• DevSecOps Foundation mock exam
• DevSecOps Foundation certification exam

EExam:

• Exam type: on-line multiple-choice test (1 correct answer out of 4)
• Exam duration: 60 minutes
• Number of questions: 40
• Pass mark: 65% (26/40)
• Exam language: English
• Open book.

Additional information:

Student pack includes:

• DevSecOps Foundation study guide with all slides
• Glossary
• DevSecOps Foundation exam requirements
• DevSecOps Foundation sample paper with answer key
• Post-course reading materials.

Organization of training:

• Type of training: Virtual class (Instructor-led live online class), On-site open group class, On-site closed group class; Training materials are distributed in electronic form
• Training language: English or Polish
• Material language: English
• Group size: 6 to 12 participants
• Prerequisites: None. Participants should have baseline knowledge and understanding of common DevOps definitions and principles.
• Accreditation granted to Asseco Data Systems by DevOps Institute.

Additional information regarding participation in the Virtual class:

• Each participant should register for the training session between 08:30-08:50
• The training is conducted between 09:00 am and 3:30 pm
• During the training day there will be several breaks, including one 1-hour lunch break and 10-minutes coffee breaks after each hour of training.
• Study guide and other training materials are distributed in a digital version.
• Exams are carried out in the form of vouchers.

DevSecOps Foundation (DSOF)® is a registered trademark of DevOps Institute, Inc.