- Training Calendar
- DevOps Accelerator Program
- Live Online Training
- At A Glance
- Our Team
No course would be complete without practical application and this course teaches the steps to integrate security programs from the developers and operators through the business C-level.
Every stakeholder plays a part, and the learning material highlights how professionals can use these tools as the primary means of protecting the organization and customers through multiple case studies, video presentations, discussion options, and exercise material to maximize learning value.
These real-life scenarios create tangible takeaways participants can leverage upon their return to the home office. This course positions learners to pass the DevSecOps Foundation exam
By the conclusion of this dynamic workshop – you will be prepared with the skills, knowledge, and experience to not only explain DevSecOps , but also learn to automation and devsecops toolchains.
Become a catalyst for change by helping your teams and programs apply these concepts to become resilient, learning organizations able to thrive in today’s emerging markets.
Schedule doesn’t fit?
See the upcoming classes below for other dates/times
Security is integrated into people, processes, technology, and governance practices. Continuous security practices for DevSecOps are implemented in onboarding processes for stakeholders. Security practices and outcomes are monitored and improved using data-driven decision-making and response patterns. Lean and value stream thinking ensures that security does not cause waste, delays, or constraints for flow
Tactics, techniques, and procedures (TTP) describe how threat agents orchestrate and manage attacks. Threat Models optimize security by identifying objectives and vulnerabilities such as OWASP top ten, before defining countermeasures. Continuous Delivery practices are engaged to realize continuous governance, risk management, and compliance.
Security is made continuously adaptive and auditable by breaking security silos, cultivating a symbiotic relationship between security and other business units. Security specific practices and integrated toolsets as code (such as security scans) enable automated security KPIs and observable security practices into the DevOps value stream
Security tests and scanning tools are integrated into the CI/CD pipeline to find known vulnerabilities (published CVEs) and common software weaknesses (CWEs). Repetitive security tasks are automated such as configurations, Fuzz testing, and long-running security tasks. Compliance as Code helps in automating compliance requirements to foster collaboration, repeatability, and continuous compliance.
Value Stream Mapping establishes where security activities and bottlenecks currently happen. Collaborative design of a target value state map addresses security requirements, communication, and automation improvements. Scope of the design includes practices for Artifact Management, Risk Management, Identity Access Management, Secrets Management, Encryption, Governance, Risk and Compliance, Monitoring and Logging, Incident response and learning.
Gaps between traditional waterfall security cultures and fast-paced DevOps cultures are removed by building collaboration and trust. Through improving credibility, reliability, and empathy while reducing self-interest. Decisions are based on advice from everyone affected and people with expertise using systems thinking. Shared metrics assure adaptable governance using discipline, with automation, transparency, and accountability
Continuous DevSecOps learning programs are implemented to meet evolving security requirements for the organization and individuals using strategies such as lunch and learns, mentoring, professional education, employee learning plans, structured training classes, Dojos, retrospective learning, gamification, and DevOps Institute SKILup Days.
AWS Solutions Architect
- Vikas Y
- Mark L
- Ulrich Z
30+ Tools and techniques to improve product delivery, automate delivery pipelines and team collaboration
Learn how to build and practice continuous integration, continuous testing, continuous monitoring and continuous deployment
Industry leading DevOps certification from DevOps Institute
Real life case studies of successful DevOps Implementations
In these hands-on labs you will use GitHub Actions to create a DevSecOps pipeline all the way from making a code change to deploying that change to a production environment. DevOps is a combination of Culture, Tools and Practices. One of the important practice is building CICD pipeline. In DevSecOps security testing is integrated and automated with your pipeline. You will be given all the required resources to create your pipeline.
Create a pull request from the Base branch into the new-feature branch. Then build and launch the applications locally on your AWS Cloud9 IDE (Integrated development environment). This will create a local version of your web application.
GitHub Actions is a continuous integration and continuous delivery (CI/CD) platform that allows you to automate your build, test, and deployment pipeline. You can create workflows that build and test every pull request to your repository, or deploy merged pull requests to production. You can configure a GitHub Actions workflow to be triggered when an event occurs in your repository, such as a pull request being opened or an issue being created. In this example we are going to use a sample JAVA spring boot application and add github actions workflow.
Software Composition Analysis (SCA) is an application security methodology for managing open source components. Using SCA, development teams can quickly track and analyze any open-source component brought into a project. SCA tools can discover all related components, their supporting libraries, and their direct and indirect dependencies. SCA tools can also detect software licenses, deprecated dependencies, as well as vulnerabilities and potential exploits. The scanning process generates a bill of materials (BOM), providing a complete inventory of a project’s software assets.
Detect, explain and give appropriate next steps for Security Vulnerabilities and Hotspots in code review with Static Application Security Testing (SAST). In this example you will use Sonar for SAST
DAST is a process of testing an application or software product in an operating state. In this example your will build your Dynamic Application Security Testing (DAST) using OWAPS ZAP tool.
Optionally get a play ground with a sample unsecure web application. Fix security vulnerability in this application in a gamified mode.
Concepts & Beyond support staff is happy to assist you!
We understand that things can change, to cancel or substitute your registration for future date please contact us via email email@example.com or call us at 201-374-0893. Please note! Cancellation is possible up to 5 days before the start of a course with full refund excluding 4% transaction fee. Cancellation request received within 5 full business days prior to the course, will receive a credit (no cash value) towards a future workshop. No credits or refunds will be available for participants who fail to attend after the class starts.
This class is scheduled for four days for 4 hours each in which the first hour is live online training on DevOps theory, the second hour is focused on hands-on labs and the last hour is focused on learning the material required to take the DevOps institute test. There are several small breaks planned so that you can learn the material in shorter chunks
With the rising number of data breaches and increased emphasis on data privacy regulations, organizations need to prioritize security and compliance measures into everyday workflows.
Participants should have baseline knowledge and understanding of common DevOps definitions and principles. You don’t need to be technical to take this course. This course explains how DevOps security practices differ from other approaches. Most importantly, students learn how DevSecOps roles fit with a DevOps culture and organization. At the course’s end, participants will understand “security as code” to make security and compliance value consumable as a service.
|cookielawinfo-checkbox-analytics||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".|
|cookielawinfo-checkbox-functional||11 months||The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".|
|cookielawinfo-checkbox-necessary||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".|
|cookielawinfo-checkbox-others||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.|
|cookielawinfo-checkbox-performance||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".|