A Practical Introduction to DevSecOps
Published by Pearson
Leveraging DevSecOps to increase business speed, agility, and security
DevOps has taken the world by storm, but what about security? Can you expect to operate at the speed of cloud and maintain security in your applications and infrastructure at the same time? Where do you get started? These questions and more are answered in this live training, where you will get a no-nonsense overview of how DevOps and security intersect. In addition to demonstrations and live Q&A, Distinguished Architect Chris Jackson provides real-life examples of how to leverage DevSecOps to increase the speed, agility, and security of your organization’s application projects.
This 8-hour live training will be conducted over two days. Learn about the various tools DevSecOps practitioners use to achieve their goals, including:
- Containers
- Kubernetes
- CI/CD pipelines
- Secure code analysis
- Vulnerability assessment
- Many other technologies
This training will include numerous demonstrations of DevSecOps technologies, providing context and real-life examples. The training can also serve as a study resource for DevSecOps certifications such as Certified DevSecOps Professional and Expert from Practical DevSecOps. This is the introduction to DevSecOps that you’ve been looking for. You will have access to all code and demonstration materials so that you can experiment on your own.
What you’ll learn and how you can apply it
By the end of the live online course, you’ll understand:
- DevSecOps practices: how they help your company move faster, be more agile, and maintain security posture
- DevSecOps pipelines
And you’ll be able to:
- Accelerate the adoption of DevSecOps in your company
- Secure applications during build and operations of a CI/CD pipeline
- Build security into the DevOps process
- Build your own DevSecOps automation pipeline
This live event is for you because...
- You are new to DevOps and want to know how to implement it securely
- You want your developers, operations, and security teams to start working together instead of pointing fingers at each other
- You need no-nonsense guidance on DevSecOps technologies that work
- You are a software developer, security practitioner, or infrastructure operations engineer wanting to learn what role you can play in DevSecOps
Prerequisites
- Basic computer science terminology and concepts. Beginner-level knowledge of security.
Course Set-up
- Demos and code examples at https://github.com/chrijack/DevSecOps-Class.git
Recommended Preparation
- Watch: Practical Python for DevOps Engineers https://learning.oreilly.com/videos/practical-python-for/9780137659067/
- Attend: A Practical Introduction to DevOps (Live Online Training) by Chris Jackson: Search O’Reilly for upcoming date
Recommended Follow-up
- Attend: Hands-On Kubernetes and Docker Security (Live Online Training) by Omar Santos: Search O’Reilly for upcoming date
Schedule
The time frames are only estimates and may vary according to how the class is progressing.
Day 1
Segment 1: What is DevSecOps? (50 min)
- Intro and overview
- 3 ways of DevOps
- Lean and Agile
- Developer vs Operations vs Security
- Waterfall vs Agile Software Development
- Pulling these concepts together
Break (10 min)
Segment 2: Security and App Development (50 min)
- Security Primer
- CIA
- Risk Assessment
- Demo: Threat Modeling
- Demo: Securing Applications
Break (10 min)
Segment 3: Securing code and applications (50 min)
- Demo: Software Composition Analysis
- Demo: Static Application Security Testing
- Demo: Dynamic Application Security Testing
- Security Testing Patterns
- Integrating security in DevOps
Break (10 min)
Segment 4: DevSecOps Pipeline (50 min)
- Building your DevSecOps tool chain
- Core DevSecOps tools
- Demo: Continuous integration and Continuous Deployment
- Defining your DevSecOps workflow
End of Day Q&A (10 min)
Day 2
Segment 5: Building a DevSecOps Pipeline (50 min)
- Threat Modeling
- Demo: Scanning for data
- Demo: SAST
- Demo: DAST
- Demo: SCA
Break (10 min)
Segment 6: Building a DevSecOps Pipeline 2 (50 min)
- Vulnerability Assessment
- Enforcing Compliance
- Demo: Managing Secrets
- Demo: Identity Authorization Management
Break (10 min)
Segment 7: Security Operations and DevOps (50 min)
- Knowing when something happens
- Demo: Logging and the role of AI
- Good Security management practices
- Demo: Red-team Blue-team exercises
Break Q&A (10 min)
Segment 8: Advice on getting started (50 min)
- Cultural aspects
- Build security in
- Breaking down silos
- Defining the business case
End of day/course wrap (10 min)
Your Instructor
Chris Jackson
Chris Jackson, CCIE No. 6256, is a Distinguished Architect and CTO for Cisco Global Sales Enablement. He is the author of Network Security Auditing (CiscoPress, 2010), CCNA Cloud CLDADM 210-455 Official Cert Guide (CiscoPress, 2016), and Cisco Certified DevNet Associate DEVASC 200-901 Official Cert Guide (CiscoPress, 2020). Chris is focused on digital transformation, DevOps, and helping customers leverage the tremendous business value Cisco technologies can provide. He holds dual CCIEs in security and routing and switching, CISA, CISSP, ITIL v3, seven SANS certifications, and a bachelor's degree in business administration. Residing in Franklin, Tennessee, Chris enjoys tinkering with RC drones, robotics, and anything else that can be programmed to do his bidding. In addition, he is a 3rd Degree Black Belt in Taekwondo, a rabid Star Wars fan, and has a ridiculous collection of Lego.