DevSecOps Boot Camp

DevSecOps is more than just a new label – it’s a proven set of skills, tools, and practices for proactively building security into applications and IT services.

From the start, security has been a key priority for technology professionals who practice the grassroots principles of DevOps. However, even on teams which strive to adhere to DevOps practices, security concerns still take a back seat far too often. The more recent DevSecOps phenomenon does not represent a new idea (secure all the things!), but it does represent a renewed focus on the importance of security in the development lifecycle and its implications for all of downstream IT.

This DevSecOps boot camp is a practical, in-depth educational solution for those who want to understand, apply, and improve their skills on “shifting left” in IT security. This expert-led boot camp focuses on the principles, processes, and technical skills necessary to make security and risk profiling a front-end priority: embracing a “quality first” mindset. Teams will leave class understanding that they have a responsibility for how applications and IT services perform when they are complete and in production…even if they are involved primarily in design, development or testing applications. For IT teams primarily on the operations end of the spectrum, this class will teach them how to shift left and collaborate on the upstream work that ultimately impacts the IT security environment, the organization’s risk management, and their own daily jobs.

    Jun 22 2021

    Date: 06/22/2021 - 06/24/2021 (Tuesday - Thursday) | 8:30 AM - 4:30 PM (EST)
    Location: ONLINE (Virtual Classroom Live)
    Delivery Format: VIRTUAL CLASSROOM LIVE

    Jul 12 2021

    Date: 07/12/2021 - 07/14/2021 (Monday - Wednesday) | 8:30 AM - 4:30 PM (EST)
    Location: ONLINE (Virtual Classroom Live)
    Delivery Format: VIRTUAL CLASSROOM LIVE

    Aug 17 2021

    Date: 08/17/2021 - 08/19/2021 (Tuesday - Thursday) | 8:30 AM - 4:30 PM (EST)
    Location: ONLINE (Virtual Classroom Live)
    Delivery Format: VIRTUAL CLASSROOM LIVE

    Sep 20 2021

    Date: 09/20/2021 - 09/22/2021 (Monday - Wednesday) | 8:30 AM - 4:30 PM (EST)
    Location: ONLINE (Virtual Classroom Live)
    Delivery Format: VIRTUAL CLASSROOM LIVE

    Oct 18 2021

    Date: 10/18/2021 - 10/20/2021 (Monday - Wednesday) | 8:30 AM - 4:30 PM (EST)
    Location: ONLINE (Virtual Classroom Live)
    Delivery Format: VIRTUAL CLASSROOM LIVE

    Nov 2 2021

    Date: 11/02/2021 - 11/04/2021 (Tuesday - Thursday) | 8:30 AM - 4:30 PM (EST)
    Location: ONLINE (Virtual Classroom Live)
    Delivery Format: VIRTUAL CLASSROOM LIVE

    Dec 14 2021

    Date: 12/14/2021 - 12/16/2021 (Tuesday - Thursday) | 8:30 AM - 4:30 PM (EST)
    Location: ONLINE (Virtual Classroom Live)
    Delivery Format: VIRTUAL CLASSROOM LIVE

DevOps, Security, and DevSecOps: Definitions

  • DevOps
  • Security
  • Risk
  • Culture
  • Agility
  • Testing
  • Continuous “X” (Integration, Delivery, etc.)

Where do we start with security?

  • Risk review
  • Policy
  • Roles
  • Compliance, regulatory and GRC
  • The 50% hack rule
  • The Pipeline Model

Security as a DevOps practice

  • Traditional vs. “DevOps” security
  • Tools vs. processes
  • Security, not compliance
  • Prioritizing testing for risk
  • Reducing source code footprint
  • Static analysis for secure code
  • Feature toggles for security
  • DevSecOps and technical debt management

DevSecOps and “requirements”

  • Designing for security
  • Assessing risk appetite
  • Modeling threats
  • Product architecture
  • Use cases, antipatterns and abuse cases
  • Dataflows with trust boundaries

Secure development patterns

  • Secure code overview
  • OWASP review
  • Tools for automating OWASP
  • Developer guidelines & checklists
  • Compiler Security Settings (per)
  • Tools to use
  • Coding Standards (per language)
  • Common pitfalls (per language)
  • Secure/Safe functions/methods
  • Integer type selection
  • Synchronization Primitives

Security Testing in the Pipeline

  • Testing before commit
  • Scanning for secrets
  • Hook examples
  • Application security testing
  • Testing dependencies
  • How to treat manual testing
  • Performance Testing
  • Testing in parallel
  • Staging
  • Mutation testing and tools for performing it
  • User role testing

Identity and Access Management (IAM)

  • IAM overview 
  • Identity profiles
  • Using IAM for automation
  • IAM practices in the cloud
  • IAM as an application building block
  • IAM antipatterns
  • Guided discussion: IAM in a Microservices use case

Deployment patterns for security 

  • Canary candidates
  • Dark launches
  • Streamlining libraries and dependencies
  • Keeping packages up to date
  • Keeping deploys repeatable and reliable
  • OpenSCAP for scanning baselines before and after deployments
  • Scanning web server configuration
  • Database exploitation through applications
  • Infrastructure scanning
  • Scanning web applications

DevSecOps and Operations

  • Where does ops security begin and end?
  • Infrastructure as secure code
  • Incident response planning and emergency drills
  • Release Archives
  • OS Protections:
    • Monitoring, logging and intelligent alerts
    • Log management
    • Penetration Testing

Policy, Governance, and Audit

  • GRC review
  • Coding for compliance
  • DevOps and the “segregation of duties”
  • Tooling example: Chef InSpec
  • Change management and policy
  • Change management and DevSecOps
  • Three types of “change”
  • When and why to use CAB boards
  • Peer review vs. change management
  • Automating change management
  • ITIL in 2020

Measurement and metrics

  • The core toolkit of metrics 
  • The best way to institute alerts
  • Managing alerts
  • Proactive vs. reactive metrics
  • Measurement antipatterns

More advice on the cultural factors

  • Security fails and breakdowns
  • Incentive, fear and reward
  • Getting outside IT
  • How to shift left
  • Building security in
  • Cost and the business case for proactive security
  • Overcoming conventions of the past
  • Bridging siloes – why and how

*Please Note: Course Outline is subject to change without notice. Exact course outline will be provided at time of registration.
  • Assess, specify, and automate much of the work associated with application security
  • Bridge the typical functional silos in IT that prevent proactive security practices
  • Translate common risks into technical use cases and software requirements
  • Apply “security first” engineering and testing practices throughout the entire application pipeline
  • Use static analysis, broader unit test coverage, and code quality reviews specifically for security
  • Translate the OWASP risks into practical, actionable software development best practices
  • How to deploy for security
  • Tie secure development practices and automated engineering to GRC and audit requirements
  • Try new approaches to change management for increased speed, automation and security
  • Use DevOps-style metrics to measure and monitor security practices and performance

 

  • Application Developer
  • Software Engineers
  • Software Tester
  • Technical Leadership
  • Security Administrators
