SecDevOps Foundation® (SDOF) Certification Training
This SecDevOps Foundation® (SDOF) Certification Training course will help you prepare for and successfully attain the SecDevOps Foundation Certification. In this course, you will learn the following: Benefits, concepts, and vocabulary of SecDevOps and DevSecOps How SecDevOps and DevSecOps evolved from Agile Differences between DevOps practices and other cybersecurity approaches SecDevOps Foundation® (SDOF) Certification Training Benefits In this SecDevOps Foundation Course, you will: Prepare for the DevOps Institute SecDevOps Foundation Certification (SDOF) with the world's first accredited SecDevOps certification course Trace the history and evolution of SecDevOps Integrate SecDevOps roles with a DevOps culture and organization Receive official certification from the DevOps Institute (DOI) Continue learning and face new challenges with after-course one-on-one instructor coaching Prerequisites None. SecDevOps Foundation Certification Details The 60-minute certification exam is open-book, taken in class, and included in the course tuition. It is highly recommended that candidates attend the SecDevOps Foundation course with a DevOps Institute-accredited Education Partner to prepare for the certification exam. The certification exam is administered through DOI. SecDevOps Foundation Training Outline Module 1: Agile/DevOps Foundation Review What is Agile/DevOps? DevOps Goals DevOps Values DevOps Stakeholders Module 2: Why SecDevOps? Key terms and concepts Why SecDevOps is important 3 Ways to think about DevOps + Security Key principles of SecDevOps SecDevOps security-first philosophy SecDevOps evolution from DevSecOps Module 3: Culture and Management Key terms and concepts How much security is enough? Threat modeling Context is everything High-velocity risk management Team security profiling Module 4: General Security Considerations Avoiding the checkbox trap Basic security hygiene Architectural considerations Federated identity Log management Module 5: Feature and Security Workflow Configuration management Centralized workflow Workflow branch classifications Pre- and post-commit Deployment and release orchestration Module 6: Acquisition Lifecycle Security Needs Phase requirements vs. security Acquisition Review Board (ARB) Analyze/Select Phase measurement metrics Obtain phase life cycle Planning and scheduling Dispose phase concerns Module 7: Identity and Access Management (IAM) Key terms and concepts Identity and Access Management (IAM) basic concepts Why IAM is important Implementation guidance Automation opportunities How to hurt yourself with IAM Module 8: Application Security Application Security Testing (AST) Testing Techniques Prioritizing Testing Techniques Issue Management Integration Threat Monitoring Leveraging Automation Secure coding and Open Web Application Security Project (OWASP) compliance Module 9: Operational Security Key terms and concepts Basic security hygiene practices Role of operations management The Ops environment Embracing fail-early, fail-first Security infrastructure as code Module 10: Cross-Team Security Key terms and concepts Establishing trust Promoting shared responsibility Team verification techniques Embedded point-of-contact Security, development, and operations sprints Module 11: Roles and Responsibilities SecDevOps Coach Product Owner Expanded Responsibilities Program and Project Manager Information System Security Officer (ISSO) SecDevOps Engineer Site Reliability Engineer Module 12: Governance, Risk, Compliance (GRC) Audit Key terms and concepts What is GRC? Why care about GRC? Rethinking policies Policy as code Shifting audit left Three myths of segregation of duties vs. DevOps Module 13: Logging, Monitoring, and Response Key terms and concepts Setting up log management Incident response and forensics Threat intelligence and information sharing Module 14: Continual Improvement Retrospectives Continuous learning Open Collaboration (including security) Shared intelligence Module 14: Review and Summary Exam review Key course concepts Next steps