DevSecOps Foundation
Prevent data breaches and grow your teams’ knowledge on data privacy regulations. DevSecOps Foundation helps your team to prioritize security and compliance measures into everyday workflows.
1.1 Origins of DevOps
1.2 Evolution of DevSecOps
Discussion - Does security slow us down?
1.3 Other Frameworks
Case Story - Aetna
1.4 CALMS
Video - DevSecOps: What is it? Why is it taking over security?’ with Shannon Lietz (19:18)
FREE PREVIEW1.5 The Three Ways
Exercise - Understanding and influencing an organization
Module Quiz
Video - ‘The Industrial Cyberthreat Landscape: 2019 Year in Review’ with Robert M Lee (09:16)
FREE PREVIEW2.1 Storytime and Outcomes
Discussion - What does Secure mean?
2.2 What is the Cyber Threat Landscape?
2.3 What is the threat?
Exercise - EoP Card Game
2.4 What do we protect from?
2.5 What do we protect, and why?
Case Story - Maersk
2.6 How do I talk to security?
Module Quiz
3.1 Model with components
Discussion - What do you want from security?
3.2 Technical, business and human toll outcomes
Case Story - NCR
3.3 What’s being measured? Integration, current state and delta
Video - ‘What is DevSecOps?’ with Dave Farley (19:11)
FREE PREVIEW3.4 Gating and thresholding
3.5 Incremental improvements
Exercise - Validate a responsive DevSecOps model
Module Quiz
4.1 The DevSecOps State of Mind
4.2 What “good” culture looks like
Video - ‘Lean and Agile Adoption with the Laloux Culture Model’ with Peter Green (09:21)
FREE PREVIEW4.3 The DevSecOps Stakeholders
4.4 What’s at stake for who?
Case Story - US Department of Defense
4.5 People, process, technology and governance
Discussion - How can you influence your organization?
Exercise - Modeling stakeholder conversations - 'difficult questions'
Module Quiz
5.1 Start where you are
5.2 Integrating people, process, technology and governance
5.3 Continuous Security for DevSecOps
Video - ‘The Rise of DevSecOps’ with Yvonne Wassenaar (14:58)
FREE PREVIEW5.4 Onboarding process for stakeholders
Exercise - Wicked Questions
5.5 Practices and outcomes
5.6 Data driven decision making and response
Case Story - Comcast
Discussion - What are your worst practices?
Module Quiz
6.1 Identifying target state
6.2 Value stream-thinking
6.3 Flow
6.4 Feedback
6.5 Learning
Case Story - Sentara Healthcare
Discussion - Value Stream Mapping Experiences
Exercise - Reference Architecture Analysis
Video - ‘Building Security into an Agile Cloud Transformation Project’ by Chris Rutter (24:57)
FREE PREVIEWModule Quiz
7.1 The goal of a DevOps pipeline
Discussion - What are the goals of a DevOps pipeline?
7.2 Why continuous compliance is important
Video - ‘Overview of DevSecOps’ by Nicolas Chaillan (6:24)
FREE PREVIEW7.3 Archetypes and reference architectures
7.4 Coordinating DevOps Pipeline construction
Case Story - World Bank Group
7.5 DevSecOps tool categories, types and examples
Exercise - Explore SAST, DAST, IAST, SCA, CSA
Module Quiz
Video - https://youtu.be/o7-IuYS0iSE ‘Failure and The Third Way’ with Aaron Blythe (5:26)
FREE PREVIEW8.1 Security Training Options
Discussion - 3 Ways to Free Learning
8.2 Training as Policy
8.3 Experiential Learning
8.4 Cross-Skilling
Case Story - Ericson
8.5 The DevSecOps Collective Body of Knowledge
8.6 Preparing for the DevSecOps Foundation certification exam
8.7 Next Steps
Exercise - Retrospective
Module Quiz
Feedback - your feedback is important to us, let us know how you feel about this learning.