Advanced Certified Scrum Master

Certified DevSecOps Foundations (DSOF)℠

Work In small teams to build a secure continuous delivery pipeline while learning the DevSecOps theory. The course takes you through small assignments, so you learn by doing. You don’t need to be technical to take this course. Topics covered include how DevSecOps provides business value, enhances your business opportunities, and improves corporate value.

DevSecOps Certified – Training Focused on Continuous Security

The Course includes how DevSecOps provides business value, enhances your business opportunities, and improves corporate value. The core DevSecOps principles taught can support an organizational transformation, increase productivity, reduce risk, and optimize resource usage.

Incorporate Continuous security in your product pipeline
Evaluate the latest DevSecOps tools for success for your organization
Build a DevSecOps infrastructure through Platform as a Service, Server-less construction, and event-driven mediums

Get Hands – On Experience with DevSecOps

No course would be complete without practical application and this course teaches the steps to integrate security programs from the developers and operators through the business C-level.

Every stakeholder plays a part, and the learning material highlights how professionals can use these tools as the primary means of protecting the organization and customers through multiple case studies, video presentations, discussion options, and exercise material to maximize learning value.

These real-life scenarios create tangible takeaways participants can leverage upon their return to the home office. This course positions learners to pass the DevSecOps Foundation exam

Get a taste of the engaging instruction style you’ll experience with this SRE, Reliability Engineering, DevSecOps and ChatOps Video

By the conclusion of this dynamic workshop – you will be prepared with the skills, knowledge, and experience to not only explain DevSecOps , but also learn to automation and devsecops toolchains.

Become a catalyst for change by helping your teams and programs apply these concepts to become resilient, learning organizations able to thrive in today’s emerging markets.

Date Jul 25 - Jul 27, 2022
Time 4:00 PM - 8:00 PM, EST
Price $595 – $750
Instructor Anil Jaising, Mahesh Biradar
Location Online Event

Schedule doesn’t fit?
See the upcoming classes below for other dates/times

No event found!

Course Breakdown In 7 Easy Modules

Practices
Security is integrated into people, processes, technology, and governance practices. Continuous security practices for DevSecOps are implemented in onboarding processes for stakeholders. Security practices and outcomes are monitored and improved using data-driven decision-making and response patterns. Lean and value stream thinking ensures that security does not cause waste, delays, or constraints for flow
Cyberthreat landscape. (CTL)
Tactics, techniques, and procedures (TTP) describe how threat agents orchestrate and manage attacks. Threat Models optimize security by identifying objectives and vulnerabilities such as OWASP top ten, before defining countermeasures. Continuous Delivery practices are engaged to realize continuous governance, risk management, and compliance.
Responsive Model
Security is made continuously adaptive and auditable by breaking security silos, cultivating a symbiotic relationship between security and other business units. Security specific practices and integrated toolsets as code (such as security scans) enable automated security KPIs and observable security practices into the DevOps value stream
Automation
Security tests and scanning tools are integrated into the CI/CD pipeline to find known vulnerabilities (published CVEs) and common software weaknesses (CWEs). Repetitive security tasks are automated such as configurations, Fuzz testing, and long-running security tasks. Compliance as Code helps in automating compliance requirements to foster collaboration, repeatability, and continuous compliance.

Implementation
Value Stream Mapping establishes where security activities and bottlenecks currently happen. Collaborative design of a target value state map addresses security requirements, communication, and automation improvements. Scope of the design includes practices for Artifact Management, Risk Management, Identity Access Management, Secrets Management, Encryption, Governance, Risk and Compliance, Monitoring and Logging, Incident response and learning.

Stakeholders
Gaps between traditional waterfall security cultures and fast-paced DevOps cultures are removed by building collaboration and trust. Through improving credibility, reliability, and empathy while reducing self-interest. Decisions are based on advice from everyone affected and people with expertise using systems thinking. Shared metrics assure adaptable governance using discipline, with automation, transparency, and accountability

Organization
Continuous DevSecOps learning programs are implemented to meet evolving security requirements for the organization and individuals using strategies such as lunch and learns, mentoring, professional education, employee learning plans, structured training classes, Dojos, retrospective learning, gamification, and DevOps Institute SKILup Days.

Your Instructor

Anil Jaising

Chief Product Owner and Trainer at Concepts and Beyond

Anil is a Certified DevOps Trainer with DevOps Institute and a certified Scrum Trainer with Over 30 Years of Industry Experience. His deep expertise in financial services and startups in developing business models has resulted in multiplying revenue and avoiding risk. He recently led a cloud transformation program for 250 application teams that saved one of the world’s largest bank over $25 million. His deep Agile, DevOps, and leadership experience have guided multiple organizations to achieve high throughput, market focus, productivity, and quality in building products. He has a deep interest in instructional design and is a certified Training from the BACK of the Room Trainer.

Mahesh Biradar

AWS Solutions Architect

Mahesh has an operations and infrastructure background with over 15 years of overall industry experience. He has various industry-leading certifications including Certified Scrum Master, AWS, Azure, and DevOps Certifications. He comes from an Operations background with skills in various Compute, Storage, and Database Tools. He enjoys coding and finding opportunities to automate repetitive tasks. Mahesh has helped save an average of 18% man-hours to date, and participated in Hackathons, resulting in several wins (EventHub: Event Planning portal, Bud-E: Robotics, Huro: Image Recognition and Thermal signatures) and one Patent review (ChaseView: See What Matters). Mahesh led the Cloud and DevOps adoption efforts for his team in one of the world’s largest bank.

What Do Our Students Say About Our Class?

TrustScore 4.9

Excellent

What do you Takeaway after this class?

Attend this 4-half day course and work In small teams to build a secure continuous delivery pipeline while learning the DevSecOps theory. The course takes you through small assignments, so you learn by doing. You don’t need to be technical to take this course. This course is recommended for Dev, Ops, Security, Infrastructure teams as well as scrum masters.

30+ techniques and tools
30+ Tools and techniques to improve product delivery, automate delivery pipelines and team collaboration
Learn DevOps build and practice
Learn how to build and practice continuous integration, continuous testing, continuous monitoring and continuous deployment

DevOps Institute
Industry leading DevOps certification from DevOps Institute
Case Studies
Real life case studies of successful DevOps Implementations

Add- On Lab

Buy the hands-on lab valued at $1095 for only $395 as an add-on with this course

Progress your skills with hands-on labs
In these hands-on labs you will use GitHub Actions to create a DevSecOps pipeline all the way from making a code change to deploying that change to a production environment. DevOps is a combination of Culture, Tools and Practices. One of the important practice is building CICD pipeline. In DevSecOps security testing is integrated and automated with your pipeline. You will be given all the required resources to create your pipeline.
Local Deployment
Create a pull request from the Base branch into the new-feature branch. Then build and launch the applications locally on your AWS Cloud9 IDE (Integrated development environment). This will create a local version of your web application.
Build using GitHub Actions workflow
GitHub Actions is a continuous integration and continuous delivery (CI/CD) platform that allows you to automate your build, test, and deployment pipeline. You can create workflows that build and test every pull request to your repository, or deploy merged pull requests to production. You can configure a GitHub Actions workflow to be triggered when an event occurs in your repository, such as a pull request being opened or an issue being created. In this example we are going to use a sample JAVA spring boot application and add github actions workflow.

Add Software Composition Analysis
Software Composition Analysis (SCA) is an application security methodology for managing open source components. Using SCA, development teams can quickly track and analyze any open-source component brought into a project. SCA tools can discover all related components, their supporting libraries, and their direct and indirect dependencies. SCA tools can also detect software licenses, deprecated dependencies, as well as vulnerabilities and potential exploits. The scanning process generates a bill of materials (BOM), providing a complete inventory of a project’s software assets.
Add Static Application Security Testing
Detect, explain and give appropriate next steps for Security Vulnerabilities and Hotspots in code review with Static Application Security Testing (SAST). In this example you will use Sonar for SAST
Add Dynamic Application Security Testing
DAST is a process of testing an application or software product in an operating state. In this example your will build your Dynamic Application Security Testing (DAST) using OWAPS ZAP tool.
Fix Security Vulnerability on the most unsecure application
Optionally get a play ground with a sample unsecure web application. Fix security vulnerability in this application in a gamified mode.

The DevSecOps Foundations Certification Is Designed For…

How can we help you?

FAQ

What is the cancellation policy?

Concepts & Beyond support staff is happy to assist you!
We understand that things can change, to cancel or substitute your registration for future date please contact us via email info@conceptsandbeyond.com or call us at 201-374-0893. Please note! Cancellation is possible up to 5 days before the start of a course with full refund excluding 4% transaction fee. Cancellation request received within 5 full business days prior to the course, will receive a credit (no cash value) towards a future workshop. No credits or refunds will be available for participants who fail to attend after the class starts.

What is the format of this class?

This class is scheduled for four days for 4 hours each in which the first hour is live online training on DevOps theory, the second hour is focused on hands-on labs and the last hour is focused on learning the material required to take the DevOps institute test. There are several small breaks planned so that you can learn the material in shorter chunks

What are Benefits for Organizations ?

With the rising number of data breaches and increased emphasis on data privacy regulations, organizations need to prioritize security and compliance measures into everyday workflows.

Developing software that is secure by design
Improved assurance of meeting security, compliance, legal and regulatory requirements
Frictionless relationship between security professionals and developers
Better formed, scalable, and speed-aware security practices

What are Benefits for Individuals?

Understanding the contribution of DevSecOps to GRC and delivering business value.
Understanding that security and speed in software development are not inversely related objectives
Internalizing the contribution of tools and automation in DevSecOps
Understanding the role of culture in shifting security left

Do I need to be hand-on technology practitioner to take this course?

Participants should have baseline knowledge and understanding of common DevOps definitions and principles. You don’t need to be technical to take this course. This course explains how DevOps security practices differ from other approaches. Most importantly, students learn how DevSecOps roles fit with a DevOps culture and organization. At the course’s end, participants will understand “security as code” to make security and compliance value consumable as a service.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Advanced Certified Scrum Master

Certified DevSecOps Foundations (DSOF)℠

DevSecOps Certified – Training Focused on Continuous Security

Get Hands – On Experience with DevSecOps

Course Breakdown In 7 Easy Modules

Practices

Cyberthreat landscape. (CTL)

Responsive Model

Automation

Implementation

Stakeholders

Organization

Your Instructor

Anil Jaising

Mahesh Biradar

What Do Our Students Say About Our Class?

TrustScore 4.9

Excellent

"The instructor was resourceful and had very direct approach to the material, it felt like hanging out with my friends but every word was opening a new dominion of knowledge."

"I would highly recommend attending it because of the ease of acquiring new skills and the level of detail being studied."

"Such a fun and welcoming space to learn something brand new to me! I was scared to take a CSM course, but Anil made me feel competent and at ease. 10/10 recommend taking this course with him!"

What do you Takeaway after this class?

30+ techniques and tools

Learn DevOps build and practice

DevOps Institute

Case Studies

Add- On Lab

Progress your skills with hands-on labs

Local Deployment

Build using GitHub Actions workflow

Add Software Composition Analysis

Add Static Application Security Testing

Add Dynamic Application Security Testing

Fix Security Vulnerability on the most unsecure application

The DevSecOps Foundations Certification Is Designed For…

How can we help you?

FAQ

What is the cancellation policy?

What is the format of this class?

What are Benefits for Organizations ?

What are Benefits for Individuals?

Do I need to be hand-on technology practitioner to take this course?

Our Training

Consulting

Information

Connect With Us

Enquire Now