Short summary

Software security is no longer optional. Headlines have put pressure on businesses to strike threats with iron fists. Hackers on the other end, are finding alternative ways of accessing private and confidential data. Only a combination of static, dynamic and hybrid application scanning tools, combined with developer training, standards and security intelligence, can improve security in the software development life cycle. We call it DevSecOps, the philosophy that helps detect and prevent software vulnerabilities even before code is written until the software hits end of life.

Make sure that you are capable of fending off cyber-attacks. Equip yourself with the latest knowledge on DevSecOps, so you understand how to better protect your software. This course aims at a hands-on approach to propose solutions for the challenges with good practices, and tooling.

Overview

DevSecOps, Shift left, Security as Code are some of the interlacing paradigm shifts aiming to deliver secure software early and often. The DevSecOps practitioner course is carefully designed to help you understand the principles, practices, tools, and techniques that are essential for any organization to get started with and mature organically in DevSecOps. This 16 hour corse is designed to be highly interactive, and hands on by DevSecOps veterans that bring their lessons working from the trenches.

Examinable Learning Objectives

The Learning Objectives support the Business Outcomes and are used to create the examination for achieving the Certified DevOps Professional. In general, all parts of this syllabus are examinable at a K1 and K2 level. That is, the candidate will recognize, remember, and recall a term or concept. The specific learning objectives at K1, K2, and K3 levels are shown at the beginning of the pertinent chapter. The high level learning objectives of the DevSecOps Practitioner include

• Embedding Security in the pipelines by introducing SCA, SAST, DAST, Compliance as a Code, and various other tooling’s and techniques that helps strengthen your organization’s security posture
• Abilities to apply Practical Risk Management, Vulnerability Management concepts to real world security weaknesses in applications and infrastructure
• Explore the various DevSecOps reference models so to understand that DevSecOps is not a ‘one type fits all’ approach, and how to navigate through challenging implementations
• Understand the evolution behind traditional security practices, tooling, principles, and maturity models and how they compare to the practices, tooling, principles, and maturity models of DevSecOps
• Ability to envision and implement a DevSecOps program at scale and at enterprise by balancing the security and velocity
• Ability to apply a shift left approach in ‘security’ as code, build, and infrastructure
• Learn the essential skills to apply sensible security automation practices early on and in the various stages of the Software Development Lifecycle

Course topics

• DevSecOps Principles
• Exploring Security Checkpoints
• Embedding Security in Software Delivery
• Embedding Security in Software Operations
• Compliance en Governance in DevSecOps

Certification

Training and certification exam are offered as a package. This means the training includes one exam sitting. You will take the exam through our partner iSQI. The exam consists of 40 multiple choice questions, which have to be answered within 90 minutes. To obtain the DevSecOps Practitioner certificate, you must demonstrate your knowledge by passing the exam with a score of 75% or higher. After passing, iSQI will provide you with the certificate.