DevSecOps Foundation
Prevent data breaches and grow your teams’ knowledge on data privacy regulations. DevSecOps Foundation helps your team to prioritize security and compliance measures into everyday workflows.
Course curriculum
-
2
1. Realizing DevSecOps Outcomes
-
1.1 Origins of DevOps
-
1.2 Evolution of DevSecOps
-
Discussion - Does security slow us down?
-
1.3 Other Frameworks
-
Case Story - Aetna
-
1.4 CALMS
-
Video - DevSecOps: What is it? Why is it taking over security?’ with Shannon Lietz (19:18)
FREE PREVIEW -
1.5 The Three Ways
-
Exercise - Understanding and influencing an organization
-
Module Quiz
-
-
3
2. Defining the Cyberthreat Landscape (CTL)
-
Video - ‘The Industrial Cyberthreat Landscape: 2019 Year in Review’ with Robert M Lee (09:16)
FREE PREVIEW -
2.1 Storytime and Outcomes
-
Discussion - What does Secure mean?
-
2.2 What is the Cyber Threat Landscape?
-
2.3 What is the threat?
-
Exercise - EoP Card Game
-
2.4 What do we protect from?
-
2.5 What do we protect, and why?
-
Case Story - Maersk
-
2.6 How do I talk to security?
-
Module Quiz
-
-
4
3. Building a Responsive DevSecOps Model
-
3.1 Model with components
-
Discussion - What do you want from security?
-
3.2 Technical, business and human toll outcomes
-
Case Story - NCR
-
3.3 What’s being measured? Integration, current state and delta
-
Video - ‘What is DevSecOps?’ with Dave Farley (19:11)
FREE PREVIEW -
3.4 Gating and thresholding
-
3.5 Incremental improvements
-
Exercise - Validate a responsive DevSecOps model
-
Module Quiz
-
-
5
4. Integrating DevSecOps Stakeholders
-
4.1 The DevSecOps State of Mind
-
4.2 What “good” culture looks like
-
Video - ‘Lean and Agile Adoption with the Laloux Culture Model’ with Peter Green (09:21)
FREE PREVIEW -
4.3 The DevSecOps Stakeholders
-
4.4 What’s at stake for who?
-
Case Story - US Department of Defense
-
4.5 People, process, technology and governance
-
Discussion - How can you influence your organization?
-
Exercise - Modeling stakeholder conversations - 'difficult questions'
-
Module Quiz
-
-
6
5. Establishing DevSecOps Practices
-
5.1 Start where you are
-
5.2 Integrating people, process, technology and governance
-
5.3 Continuous Security for DevSecOps
-
Video - ‘The Rise of DevSecOps’ with Yvonne Wassenaar (14:58)
FREE PREVIEW -
5.4 Onboarding process for stakeholders
-
Exercise - Wicked Questions
-
5.5 Practices and outcomes
-
5.6 Data driven decision making and response
-
Case Story - Comcast
-
Discussion - What are your worst practices?
-
Module Quiz
-
-
7
6. Best Practices to Get Started
-
6.1 Identifying target state
-
6.2 Value stream-thinking
-
6.3 Flow
-
6.4 Feedback
-
6.5 Learning
-
Case Story - Sentara Healthcare
-
Discussion - Value Stream Mapping Experiences
-
Exercise - Reference Architecture Analysis
-
Video - ‘Building Security into an Agile Cloud Transformation Project’ by Chris Rutter (24:57)
FREE PREVIEW -
Module Quiz
-
-
8
7. DevOps Pipelines and Continuous Compliance
-
7.1 The goal of a DevOps pipeline
-
Discussion - What are the goals of a DevOps pipeline?
-
7.2 Why continuous compliance is important
-
Video - ‘Overview of DevSecOps’ by Nicolas Chaillan (6:24)
FREE PREVIEW -
7.3 Archetypes and reference architectures
-
7.4 Coordinating DevOps Pipeline construction
-
Case Story - World Bank Group
-
7.5 DevSecOps tool categories, types and examples
-
Exercise - Explore SAST, DAST, IAST, SCA, CSA
-
Module Quiz
-
-
9
8. Learning Using Outcomes
-
Video - https://youtu.be/o7-IuYS0iSE ‘Failure and The Third Way’ with Aaron Blythe (5:26)
FREE PREVIEW -
8.1 Security Training Options
-
Discussion - 3 Ways to Free Learning
-
8.2 Training as Policy
-
8.3 Experiential Learning
-
8.4 Cross-Skilling
-
Case Story - Ericson
-
8.5 The DevSecOps Collective Body of Knowledge
-
8.6 Preparing for the DevSecOps Foundation certification exam
-
8.7 Next Steps
-
Exercise - Retrospective
-
Module Quiz
-
-
10
Course Feedback
-
Feedback - your feedback is important to us, let us know how you feel about this learning.
-