SecDevOps Foundation® (SDOF) Certification Training
Course 3695
3 DAY COURSE

Price: $1,844.00
Course Outline

SecDevOps is the latest evolution in secure software development. Since its introduction in the guidebook by the U.S. Department of Homeland Security (DHS), it has become the go-to methodology for writing highly secure computer programs, especially for government, commercial financial institutions and any other organizations that require the highest levels of cyber protection.

This certification training course will help you prepare for and successfully attain the highly respected SecDevOps Foundation (SDOF) certification. In this course, you will learn: 

  • Benefits, concepts, processes and vocabulary of SecDevOps to produce secure software and maintain high-quality agile delivery at speed and scale.
  • Why SecDevOps evolved as an agile methodology and went past the original DevSecOps practice of Continuous Integration and Continuous Delivery to include security/regulatory Continuous Compliance (CI/CD/CC).
  • Which organizational culture changes and individual mindset perspectives are necessary to foster ongoing SecDevOps success and improvement.
  • How to plan, design and use a pipeline to test and operationally deploy and monitor production infrastructure.
  • Which techniques are best to find vulnerabilities and perform threat modeling to achieve a security-first perspective in the software development lifecycle.

SecDevOps Foundation® (SDOF) Certification Training Benefits

  • In this SecDevOps Foundation Course, you will:

    • Prepare for official SecDevOps Foundational certification (SDOF) from the DevOps Institute by PeopleCert.
    • Accelerate understanding and learning enjoyment through hands-on exercises and meaningful, problem-solving small group discussions.
    • Establish continuous learning practices to face new challenges, including leveraging the after-course one-on-one instructor coaching included in the course tuition.
  • Prerequisites

    None.

  • SecDevOps Foundation Certification Details

    • The 60-minute certification exam is open-book and taken online after the course delivery has finished. An exam voucher is included in the course tuition.
    • The certification exam is administered through the DevOps Institute by PeopleCert.

SecDevOps Foundation Training Outline

Learning Objectives

Module 1: SecDevOps Context

  • Megatrends and Context
  • CALM Principles
  • The 3 Ways 

Module 2: Background and Overview

  • Iterative and incremental
  • From Scrum to SecDevOps
  • Automated testing
  • Key principles and security-first philosophy 
  • Exercise: Security Policy Test Planning

Module 3: Tools, Technology and the Pipeline

  • Continuous Integration, Delivery, Deployment and Compliance
  • SecDevOps lifecycle and the Pipeline
  • Pipeline for development
  • Pipeline for operations (Configuration as Code)
  • Exercise: Using a Vulnerability Scanner, Hands-On
  • Cloud, containers and security integration
  • Pipeline maturity and planning
  • Pipeline and other development tools
  • Exercise: Planning a Pipeline

Module 4: Risk, Vulnerabilities and Threats

  • Risk assessment – key goal
  • Cyber intelligence (know the enemy)
  • Threat and Vulnerability Catalogs
  • Exercise: SQL Injection Example, Hands-On
  • Threat modeling (STRIDE, OCTAVE and the PASTA process)
  • Exercise: Threat Modeling, Gamification
  • Gathering threat and vulnerability metrics
  • Exercise: Quantitative Scoring of Vulnerabilities (CVSS), Hands-On

Module 5: Culture Change and Leadership Mindset

  • What is good culture?
  • Culture assessment models – safe, trustworthy and empowering
  • Exercise: Identifying and improving your organization’s culture, video review
  • Leadership Mindset – Fixed or Growth
  • Agile at the organizational level (SAFe and SRE)
  • Personnel, stakeholders and the team
  • Homework Exercise: Mindset self-evaluation spreadsheet (optional)

Module 6: Best Practices for SecDevOps

  • Planning with a vision – start from where you are
  • Measuring your organization’s SecDevOps maturity
  • Exercise: SecDevOps Implementation Stages, survey
  • Embracing and enabling organization-level governance
  • Why care about GRC? 
  • Rethinking policies - policy as code
  • Building a responsive model
  • Deploying immutable infrastructure
  • Ongoing monitoring and evaluation
  • Exercise: Intrusion Detection, hands-on

Module 7: Continuous Learning

  • Experiential learning
  • Retrospective learning
  • Continual improvement
  • Learning sources

Module 8: Review and Summary

  • Exam review
  • Key course concepts
  • Next steps