Search
START TYPING AND PRESS ENTER TO SEARCH

SecDevOps Foundation® (SDOF) Certification Training - Ratio

/ 0 comment
SecDevOps Foundation® (SDOF) Certification Training

SecDevOps Foundation® (SDOF) Certification Training

SKU: SECDEVOPS-FOUNDATION-SDOF-CERTIFICATION-TRAINING Category:

Description

Description

This SecDevOps Foundation® (SDOF) Certification Training course will help you prepare for and successfully attain the SecDevOps Foundation Certification. In this course, you will learn the following:

Benefits, concepts, and vocabulary of SecDevOps and DevSecOps
How SecDevOps and DevSecOps evolved from Agile
Differences between DevOps practices and other cybersecurity approaches

Training Objectives

  • Prepare for the DevOps Institute SecDevOps Foundation Certification (SDOF) with the world's first accredited SecDevOps certification course
  • Trace the history and evolution of SecDevOps
  • Integrate SecDevOps roles with a DevOps culture and organisation
  • Receive official certification from the DevOps Institute (DOI)

Course Outline

  • Module 1: Agile/DevOps Foundation Review<br />
  • What is Agile/DevOps?<br />
  • DevOps Goals<br />
  • DevOps Values<br />
  • DevOps Stakeholders<
  • Module 2: Why SecDevOps?<br />
  • Key terms and concepts<br />
  • Why SecDevOps is important<br />
  • 3 Ways to think about DevOps + Security<br />
  • Key principles of SecDevOps<br />
  • SecDevOps security-first philosophy<br />
  • SecDevOps evolution from DevSecOps<
  • Module 3: Culture and Management<br />
  • Key terms and concepts<br />
  • How much security is enough?<br />
  • Threat modelling<br />
  • Context is everything<br />
  • High-velocity risk management<br />
  • Team security profiling<
  • Module 4: General Security Considerations<br />
  • Avoiding the checkbox trap<br />
  • Basic security hygiene<br />
  • Architectural considerations<br />
  • Federated identity<br />
  • Log management<
  • Module 5: Feature and Security Workflow<br />
  • Configuration management<br />
  • Centralised workflow<br />
  • Workflow branch classifications<br />
  • Pre- and post-commit<br />
  • Deployment and release orchestration<
  • Module 6: Acquisition Lifecycle Security<br />
  • Needs Phase requirements vs. security<br />
  • Acquisition Review Board (ARB)<br />
  • Analyse/Select Phase measurement metrics<br />
  • Obtain phase life cycle<br />
  • Planning and scheduling<br />
  • Dispose phase concerns<
  • Module 7: Identity and Access Management (IAM)<br />
  • Key terms and concepts<br />
  • Identity and Access Management (IAM) basic concepts<br />
  • Why IAM is important<br />
  • Implementation guidance<br />
  • Automation opportunities<br />
  • How to hurt yourself with IAM<
  • Module 8: Application Security<br />
  • Application Security Testing (AST)<br />
  • Testing Techniques<br />
  • Prioritising Testing Techniques<br />
  • Issue Management Integration<br />
  • Threat Monitoring<br />
  • Leveraging Automation<br />
  • Secure coding and Open Web Application Security Project (OWASP) compliance<
  • Module 9: Operational Security<br />
  • Key terms and concepts<br />
  • Basic security hygiene practices<br />
  • Role of operations management<br />
  • The Ops environment<br />
  • Embracing fail-early, fail-first<br />
  • Security infrastructure as code<
  • Module 10: Cross-Team Security<br />
  • Key terms and concepts<br />
  • Establishing trust<br />
  • Promoting shared responsibility<br />
  • Team verification techniques<br />
  • Embedded point-of-contact<br />
  • Security, development, and operations sprints<
  • Module 11: Roles and Responsibilities<br />
  • SecDevOps Coach<br />
  • Product Owner Expanded Responsibilities<br />
  • Programme and Project Manager<br />
  • Information System Security Officer (ISSO)<br />
  • SecDevOps Engineer<br />
  • Site Reliability Engineer<
  • Module 12: Governance, Risk, Compliance (GRC) Audit<br />
  • Key terms and concepts<br />
  • What is GRC?<br />
  • Why care about GRC?<br />
  • Rethinking policies<br />
  • Policy as code<br />
  • Shifting audit left<br />
  • Three myths of segregation of duties vs. DevOps<
  • Module 13: Logging, Monitoring, and Response<br />
  • Key terms and concepts<br />
  • Setting up log management<br />
  • Incident response and forensics<br />
  • Threat intelligence and information sharing<
  • Module 14: Continual Improvement<br />
  • Retrospectives<br />
  • Continuous learning<br />
  • Open Collaboration (including security)<br />
  • Shared intelligence<
  • Module 14: Review and Summary<br />
  • Exam review<br />
  • Key course concepts<br />
  • Next steps

Have a Question About This Course?




    Related products