Certified DevSecOps Foundations (DSOF)℠
DevSecOps Certified – Training Focused on Continuous Security
- Incorporate Continuous security in your product pipeline
- Evaluate the latest DevSecOps tools for success for your organization
- Build a DevSecOps infrastructure through Platform as a Service, Server-less construction, and event-driven mediums
Get Hands – On Experience with DevSecOps
No course would be complete without practical application and this course teaches the steps to integrate security programs from the developers and operators through the business C-level.
Every stakeholder plays a part, and the learning material highlights how professionals can use these tools as the primary means of protecting the organization and customers through multiple case studies, video presentations, discussion options, and exercise material to maximize learning value.
These real-life scenarios create tangible takeaways participants can leverage upon their return to the home office. This course positions learners to pass the DevSecOps Foundation exam
By the conclusion of this dynamic workshop – you will be prepared with the skills, knowledge, and experience to not only explain DevSecOps , but also learn to automation and devsecops toolchains.
Become a catalyst for change by helping your teams and programs apply these concepts to become resilient, learning organizations able to thrive in today’s emerging markets.
Schedule doesn’t fit?
See the upcoming classes below for other dates/times
Course Breakdown In 7 Easy Modules
Practices
Security is integrated into people, processes, technology, and governance practices. Continuous security practices for DevSecOps are implemented in onboarding processes for stakeholders. Security practices and outcomes are monitored and improved using data-driven decision-making and response patterns. Lean and value stream thinking ensures that security does not cause waste, delays, or constraints for flow
Cyberthreat landscape. (CTL)
Tactics, techniques, and procedures (TTP) describe how threat agents orchestrate and manage attacks. Threat Models optimize security by identifying objectives and vulnerabilities such as OWASP top ten, before defining countermeasures. Continuous Delivery practices are engaged to realize continuous governance, risk management, and compliance.
Responsive Model
Security is made continuously adaptive and auditable by breaking security silos, cultivating a symbiotic relationship between security and other business units. Security specific practices and integrated toolsets as code (such as security scans) enable automated security KPIs and observable security practices into the DevOps value stream
Automation
Security tests and scanning tools are integrated into the CI/CD pipeline to find known vulnerabilities (published CVEs) and common software weaknesses (CWEs). Repetitive security tasks are automated such as configurations, Fuzz testing, and long-running security tasks. Compliance as Code helps in automating compliance requirements to foster collaboration, repeatability, and continuous compliance.
Implementation
Value Stream Mapping establishes where security activities and bottlenecks currently happen. Collaborative design of a target value state map addresses security requirements, communication, and automation improvements. Scope of the design includes practices for Artifact Management, Risk Management, Identity Access Management, Secrets Management, Encryption, Governance, Risk and Compliance, Monitoring and Logging, Incident response and learning.
Stakeholders
Gaps between traditional waterfall security cultures and fast-paced DevOps cultures are removed by building collaboration and trust. Through improving credibility, reliability, and empathy while reducing self-interest. Decisions are based on advice from everyone affected and people with expertise using systems thinking. Shared metrics assure adaptable governance using discipline, with automation, transparency, and accountability
Organization
Continuous DevSecOps learning programs are implemented to meet evolving security requirements for the organization and individuals using strategies such as lunch and learns, mentoring, professional education, employee learning plans, structured training classes, Dojos, retrospective learning, gamification, and DevOps Institute SKILup Days.
Your Instructor
Anil Jaising
Chief Product Owner and Trainer at Concepts and Beyond
Mahesh Biradar
AWS Solutions Architect
What Do Our Students Say About Our Class?
TrustScore 4.9
Excellent
"Anil is an excellent trainer. He ensures that you understand the concepts as well as gives you live examples which makes it worth while. I believe I am good at agile, specifically the scrum framework and these are the trainings that I received from Anil. He also helps you in getting more info and replies to your personal queries."
- Vikas Y
"The instructor was resourceful and had very direct approach to the material, it felt like hanging out with my friends but every word was opening a new dominion of knowledge."
- Mark L
"I would highly recommend attending it because of the ease of acquiring new skills and the level of detail being studied."
- Ulrich Z
"Such a fun and welcoming space to learn something brand new to me! I was scared to take a CSM course, but Anil made me feel competent and at ease. 10/10 recommend taking this course with him!"
Haley Niemann
What do you Takeaway after this class?
The DevSecOps Foundations Certification Is Designed For…
- DevOps Engineers
- Delivery Staff
- Compliance Team
- IT Managers
- Scrum Masters
- Release Managers
- IT Security Professionals
- Practitioners
- Managers
- Maintenance
- Quality Assurance Teams
- Site Reliability Engineers
- Testers
- Managed Service Providers
- Project Managers
- Product Managers
- Software Engineers
- And more!
How can we help you?
FAQ
What is the cancellation policy?
Concepts & Beyond support staff is happy to assist you!
We understand that things can change, to cancel or substitute your registration for future date please contact us via email info@conceptsandbeyond.com or call us at 201-374-0893. Please note! Cancellation is possible up to 5 days before the start of a course with full refund excluding 4% transaction fee. Cancellation request received within 5 full business days prior to the course, will receive a credit (no cash value) towards a future workshop. No credits or refunds will be available for participants who fail to attend after the class starts.
What is the format of this class?
This class is scheduled for four days for 4 hours each in which the first hour is live online training on DevOps theory, the second hour is focused on hands-on labs and the last hour is focused on learning the material required to take the DevOps institute test. There are several small breaks planned so that you can learn the material in shorter chunks
What are Benefits for Organizations ?
With the rising number of data breaches and increased emphasis on data privacy regulations, organizations need to prioritize security and compliance measures into everyday workflows.
- Developing software that is secure by design
- Improved assurance of meeting security, compliance, legal and regulatory requirements
- Frictionless relationship between security professionals and developers
Better formed, scalable, and speed-aware security practices
What are Benefits for Individuals?
- Understanding the contribution of DevSecOps to GRC and delivering business value.
- Understanding that security and speed in software development are not inversely related objectives
- Internalizing the contribution of tools and automation in DevSecOps
Understanding the role of culture in shifting security left
Do I need to be hand-on technology practitioner to take this course?
Participants should have baseline knowledge and understanding of common DevOps definitions and principles. You don’t need to be technical to take this course. This course explains how DevOps security practices differ from other approaches. Most importantly, students learn how DevSecOps roles fit with a DevOps culture and organization. At the course’s end, participants will understand “security as code” to make security and compliance value consumable as a service.