Course
DevSecOps Foundation («DEVSEC»)
Course facts
- Understanding basic concepts of DevSecOps and how they differ from traditional security approaches
- Understanding how DevSecOps strategies are defined and implemented
- Understanding how to engage stakeholders and how to integrate DevSecOps into a DevOps culture
- Realizing DevSecOps Outcomes
- Origins of DevOps
- Evolution of DevSecOps
- Other Frameworks
- CALMS
- The Three Ways
- Defining the Cyberthreat Landscape (CTL)
- Storytime and Outcomes
- What is the Cyber Threat Landscape?
- What is the threat?
- What do we protect from?
- What do we protect, and why?
- How do I talk to security?
- Building a Responsive DevSecOps Model
- Model with components
- Technical, business and human toll outcomes
- What’s being measured? Integration, current state and delta
- Gating and thresholding
- Incremental improvements
- Integrating DevSecOps Stakeholders
- The DevSecOps State of Mind
- What “good” culture looks like
- The DevSecOps Stakeholders
- What’s at stake for who?
- People, process, technology and governance
- Establishing DevSecOps Practices
- Start where you are
- Integrating people, process, technology and governance
- Continuous Security for DevSecOps
- Onboarding process for stakeholders
- Practices and outcomes
- Data driven decision making and response
- Best Practices to Get Started
- Identifying target state
- Value stream-thinking
- Flow
- Feedback
- Learning
- DevOps Pipelines and Continuous Compliance
- The goal of a DevOps pipeline
- Why continuous compliance is important
- Archetypes and reference architectures
- Coordinating DevOps Pipeline construction
- DevSecOps tool categories, types and examples
- Learning Using Outcomes
- Security Training Options
- Training as Policy
- Experiential Learning
- Cross-Skilling
- The DevSecOps Collective Body of Knowledge
- Preparing for the DevSecOps Foundation certification exam
- Next Steps
You will receive interactive training from presentation and group exercises.
Participants are supported by well-founded and certified training material that also provides valuable support for everyday project work after the seminar.
This course is aimed at IT security professionals, compliance professionals, DevOps engineers, IT managers, software developers, testers and project managers.
There are no formal prerequisites for this course. First practical experience with DevOps or knowledge analogous to the following course is advantageous:
You will receive a voucher for an online exam via email from PeopleCert a few days before the course starts. The exam voucher must be redeemed directly on PeopleCert, where you can register for an available exam date. The online exam is proctored by a PeopleCert proctor, which requires a device with a microphone and camera. We recommend taking the exam on a personal PC/notebook, as corporate notebooks are often subject to restrictions.
For more information about the exam, please visit the PeopleCert website here.
Format: Web-based, multiple-choice exam, number of questions: 40, passing score: 65%, duration: 60 minutes, open book
«Take2» option:
This option allows you to retake the exam at a lower price if you do not pass. The retake exam takes place online. If required, you can book this option independently in your PeopleCert cadidate profile before booking the exam. You have up to 6 months from the date of the first exam to prepare and take the retake exam.
Under this link you will find more information about the complaint management of our certification partner and your rights.