SecDevOps Foundation® (SDOF) Certification Training

SecDevOps is the latest evolution in secure software development. Since its introduction in the guidebook by the U.S. Department of Homeland Security (DHS), it has become the go to methodology for writing highly secure computer programs, especially for government, commercial financial institutions and any other organizations which require the highest levels of cyber protection. This certification training course will help you prepare for and successfully attain the highly respected SecDevOps Foundation (SDOF) certification. In this course, you will learn:  Benefits, concepts, processes and vocabulary of SecDevOps to produce secure software and maintain high-quality agile delivery at speed and scale. Why SecDevOps evolved as an agile methodology and went past the original DevSecOps practice of Continuous Integration and Continuous Delivery to include security/regulator Continuous Compliance (CI/CD/CC). Which organizational culture changes and individual mindset perspectives are necessary to foster ongoing SecDevOps success and improvement. How to plan, design and use a pipeline to test and operationally deploy and monitor production infrastructure. Which techniques are best to find vulnerabilities and perform threat modeling to achieve a security-first perspective in the software development lifecycle. SecDevOps Foundation® (SDOF) Certification Training Benefits In this SecDevOps Foundation Course, you will: Prepare for official SecDevOps Foundational certification (SDOF) from the DevOps Institute by PeopleCert. Accelerate understanding and learning enjoyment through hands-on exercises and meaningful, problem-solving small group discussions. Establish continuous learning practices to face new challenges including leveraging after-course one-on-one instructor coaching included in the course tuition. Prerequisites None. SecDevOps Foundation Certification Details The 60-minute certification exam is open-book and taken online after the course delivery has finished. An exam voucher is included in the course tuition. The certification exam is administered through the DevOps Institute by PeopleCert. SecDevOps Foundation Training Outline Learning Objectives Module 1: SecDevOps Context Megatrends and Context CALM Principles The 3 Ways  Module 2: Background and Overview Iterative and incremental From Scrum to SecDevOps Automated testing Key principles and security-first philosophy  Exercise: Security Policy Test Planning Module 3: Tools, Technology and the Pipeline Continuous Integration, Delivery, Deployment and Compliance SecDevOps lifecycle and the Pipeline Pipeline for development Pipeline for operations (Configuration as Code) Exercise: Using a Vulnerability Scanner, Hands-On Cloud, containers and security integration Pipeline maturity and planning Pipeline and other development tools Exercise: Planning a Pipeline Module 4: Risk, Vulnerabilities and Threats Risk assessment – key goal Cyber intelligence (know the enemy) Threat and Vulnerability Catalogs Exercise: SQL Injection Example, Hands-On Threat modeling (STRIDE, OCTAVE and the PASTA process) Exercise: Threat Modeling, Gamification Gathering threat and vulnerability metrics Exercise: Quantitative Scoring of Vulnerabilities (CVSS), Hands-On Module 5: Culture Change and Leadership Mindset What is good culture? Culture assessment models – safe, trustworthy and empowering Exercise: Identifying and improving your organization’s culture, video review Leadership Mindset – Fixed or Growth Agile at the organizational level (SAFe and SRE) Personnel, stakeholders and the team Homework Exercise: Mindset self-evaluation spreadsheet (optional) Module 6: Best Practices for SecDevOps Planning with a vision – start from where you are Measuring your organization’s SecDevOps maturity Exercise: SecDevOps Implementation Stages, survey Embracing and enabling organization-level governance Why care about GRC?  Rethinking policies - policy as code Building a responsive model Deploying immutable infrastructure Ongoing monitoring and evaluation Exercise: Intrusion Detection, hands-on Module 7: Continuous Learning Experiential learning Retrospective learning Continual improvement Learning sources Module 8: Review and Summary Exam review Key course concepts Next steps