Certified DevSecOps Leader CDL
The DevSecOps Leader course helps leaders and managers in influencing DevSecOps transformation practices in the enterprise.
In this course, you will be able to:
1. Understand the basics of DevSecOps from the business perspective
2. Assess the DevSecOps Maturity of the organization (PDSOMM)
3. Design the DevSecOps Strategy for an organization (Wardley mapping and Cynefin)
4. Influence the organization's culture toward a shift-left approach
5. Gain confidence in steering the organization in the right direction
6. Increase the productivity of your team by prioritizing the GRC efforts
This DevSecOps Certification Course is practical in nature with 15+ case studies, hands-on exercises, and demos in our state-of-the-art online labs.
After the training, you can attempt to:
1. Earn the Certified DevSecOps Leader certification by passing a 6-hour practical exam.
2. Prove to employers and peers the strategic understanding of DevSecOps transformation.
Prerequisites
- The DevSecOps Leader Course has no specific prerequisites.
Chapter 1: DevSecOps Introduction
- What is DevSecOps?
- Why DevSecOps?
- DevSecOps Building Blocks – People, Process, and Technology.
- DevSecOps Benefits (Technical and Business benefits).
- DevSecOps Principles – Culture, Automation, Measurement, and Sharing (CAMS).
- Agile, DevOps, and cloud as a business enabler.
- Security in DevOps and Cloud-Native world.
- Security archetypes of DevOps
- Top 10 myths of DevSecOps
Demo: A full enterprise-grade DevSecOps Pipeline.
Chapter 2: DevSecOps And Strategy
- Problems with current business and security strategy.
- Good strategy vs Bad Strategy
- Archetype model
- Designing a DevSecOps strategy for a modern security organisation.
- Strategy tooling and frameworks
- Wardley Mapping & Strategy cycle
- Bonus content: Applying concepts
- Wardley mapping summary
- Cynefin framework
- Managing constraint
Hands-On: Create a map and the 4 problems
Chapter 3: DevSecOps Activities And Culture
- Developing culture
- Basic assumptions
- Values
- Artefacts
- Typology of culture
- Secure SDLC Activities and problems with Security Gates
- Security Awareness/Training.
- Security Requirements
- Threat Modelling (Design)
- Hands-on: RTMP review and creation of Threat model
- Privacy Requirements (LINDDUN)
- Bonus content: Interview with Kim Wuyts (LINDDUN)
- Hands-on: LINDDUN Go Threat modelling
- DevSecOps tools and automation
- Component security analysis (OAST)
- Demo: Component Analysis (OAST)
- Static Analysis and Secure by Default (Implementation).
- Demo: Static Analysis (SAST)
- Dynamic Analysis (Testing).
- Demo: Dynamic Analysis (DAST)
- OS Hardening, Web/Application Hardening (Deploy).
- Demo: Inspec
- Security Monitoring/Compliance (Maintain).
- Demo: Inspec in CI/CD
- Incident Response in the DevOps age
- Effective DevOps Incident Management
- Critical DevSecOps prerequisites
- Cloud Platform.
- Shifting Security Left.
- Using metrics and measurements to drive the DevSecOps program.
Chapter 4: DevSecOps In Current Security Program
- DevSecOps in the current Security program (GRC?)
- Governance, Risk, and Compliance (GRC) in DevSecOps World
- Change Management in DevOps
- A peer-reviewed change approval process
- Version control everything
- Proactive monitoring
- High-trust organizational culture
- A win-win relationship between dev and ops (Jez Humble)
- DevSecOps as a risk management mechanism
- Auditing systems the modern way
- Compliance in CI/CD pipelines
- Compliance as Code
- Demo: Using Inspec to achieve compliance
- Demo: Integrate Inspec within CI/CD pipeline
Chapter 5: Security Management And Team Topologies
- Security Roles in DevSecOps
- Patterns for Team Topologies
- Speaking in Stories
- Prioritizing security tasks in DevSecOps
- Working with other stakeholders in the organization.
- Security Champions Program
- Hands-On: Strategy in a security program
- Hands-On: Define security activities in organizations
- Hands-On: Structure with current infosec teams
- Hands-On: Create epics and related stories
- Hands-On: Impact from security program gap thinking
Chapter 6: DevSecOps Maturity Model
- Maturity levels and tasks involved
- 4-axes in DevSecOps Maturity Model (DSOMM)
- How to go from Maturity Level 1 to Maturity Level 4
- Best practices for Maturity Level 1
- Considerations for Maturity Level 2
- Challenges in Maturity Level 3
- Dream of achieving Maturity Level 4
Chapter 7: Review And Summary
- Common challenges faced when using DevOps principles.
- Case studies on DevOps of cutting-edge technology at Facebook, Amazon, and Google