SecDevOps Foundation® (SDOF) Certification Training

This SecDevOps Foundation® (SDOF) Certification Training course will help you prepare for and successfully attain the SecDevOps Foundation Certification. In this course, you will learn:

• Benefits, concepts, and vocabulary of SecDevOps and DevSecOps
• How SecDevOps and DevSecOps evolved from Agile
• Differences between DevOps practices and other cybersecurity approaches

SecDevOps Training Delivery Methods

• In-Person

• Online

SecDevOps Training Benefits

• Prepare for the DevOps Institute SecDevOps Foundation Certification (SDOF) with the world's first accredited SecDevOps certification course

• Trace the history and evolution of SecDevOps.

• Integrate SecDevOps roles with a DevOps culture and organisation

• Receive official certification from the DevOps Institute (DOI)

• Continue learning and face new challenges with after-course one-on-one instructor coaching

SecDevOps Training Outline

Module 1: Agile/DevOps Foundation Review

In this module, you will learn how to:

• What is Agile/DevOps?
• DevOps Goals
• DevOps Values
• DevOps Stakeholders

Module 2: Why SecDevOps?

In this module, you will learn how to:

• Key terms and concepts
• Why SecDevOps is important
• 3 Ways to think about DevOps + Security
• Key principles of SecDevOps
• SecDevOps security-first philosophy
• SecDevOps evolution from DevSecOps

Module 3: Culture and Management

In this module, you will learn how to:

• Key terms and concepts
• How much security is enough?
• Threat modeling
• Context is everything
• High-velocity risk management
• Team security profiling

Module 4: General Security Considerations

In this module, you will learn how to:

• Avoiding the checkbox trap
• Basic security hygiene
• Architectural considerations
• Federated identity
• Log management

Module 5: Feature and Security Workflow

In this module, you will learn how to:

• Configuration management
• Centralised workflow
• Workflow branch classifications
• Pre- and post-commit
• Deployment and release orchestration

Module 6: Acquisition Lifecycle Security

In this module, you will learn how:

• Needs Phase requirements vs. security
• Acquisition Review Board ( ARB )
• Analyse/Select Phase measurement metrics
• Obtain phase life cycle
• Planning and scheduling
• Dispose phase concerns

Module 7: Identity and Access Management (IAM)

In this module, you will learn how to:

• Key terms and concepts
• IAM basic concepts
• Why IAM is important
• Implementation guidance
• Automation opportunities
• How to hurt yourself with IAM

Module 8: Application Security

In this module, you will learn how to:

• Application Security Testing ( AST )
• Testing Techniques
• Prioritising Testing Techniques
• Issue Management Integration
• Threat Monitoring
• Leveraging Automation
• Secure Coding and OWASP compliance

Module 9: Operational Security

In this module, you will learn how to:

• Key Terms and Concepts
• Basic Security Hygiene Practices
• Role of Operations Management
• The Ops Environment
• Embracing Fail-Early, Fail-First
• Security infrastructure as code

Module 10: Cross-Team Security

In this module, you will learn how to:

• Key Terms and Concepts
• Establishing Trust
• Promoting Shared Responsibility
• Team Verification Techniques
• Embedded Point-of-Contact
• Security, Development and Operations Sprints

Module 11: Roles and Responsibilities

In this module, you will learn how to:

• SecDevOps Coach
• Product Owner Expanded Responsibilities
• Programme and Project Manager
• Information System Security Officer ( ISSO )
• SecDevOps Engineer
• Site Reliability Engineer

Module 12: Governance, Risk, Compliance (GRC) Audit

In this module, you will learn how to:

• Key Terms and Concepts
• What is GRC ?
• Why Care About GRC?
• Rethinking Policies
• Policy as Code
• Shifting Audit Left
• 3 Myths of Segregation of Duties vs. DevOps

Module 13: Logging, Monitoring and Response

In this module, you will learn how to:

• Key Terms and Concepts
• Setting Up Log Management
• Incident Response and Forensics
• Threat Intelligence and Information Sharing

Module 14: Continual Improvement

In this module, you will learn how to:

• Retrospectives
• Continuous Learning
• Open Collaboration (including security)
• Shared intelligence

Module 14: Review and Summary

In this module, you will learn how to:

• Exam Review
• Key course concepts
• Next steps