Comprehensive DevOps Security Training Overview

This Certified DevOps Security Practitioner course provides a deep dive into implementing DevSecOps, integrating security into the DevOps processes. Covering topics like security testing, Docker security, automation, and more, the training aims to equip participants with the necessary skills to embed security in agile development practices effectively. Attendees will learn about various open-source tools, security automation possibilities, and how to integrate security within the CI/CD cycle. Ideal for developers, compliance teams, risk management professionals, and security enthusiasts.

• DevSecOps
• Security Automation
• CI/CD
• Docker Security
• Compliance

jahv_808 Follow

Uploaded on Oct 11, 2024 | 1 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

Presentation Transcript

1. Certified DevOps Security Practitioner Certified DevOps Security Practitioner A 12 Hours DevOps Security Training In Association with ISACA Sri Lanka Dates : September 27-29, 2021 Time : 6 00 Am 10 00 Am GMT Mode : Online Course Fees: Non-ISACA Members: USD $ 200 ISACA Members: USD $ 140

2. Objectives of the Course In this course, we will be learning how DevSecOps is implemented in a company by using various programming languages and open source tools. It will be helpful to jumpstart in understanding and exposure to various security automation possibilities which can be integrated in DevOps related to application or infrastructure security. This training focuses on Embedding security into the DevOps processes is referred to as DevSecOps. While DevOps addresses the business need of rapidly delivering products and release code in order to satisfy customer demands, it is important that security must work in tandem with Agile and DevOps processes. In traditional development methods, security is kept at the very end of the release process. Who should attend Hence, security has been viewed as a bottleneck to the rapid development methodologies such as Agile along with the software delivery pipeline. Entrepreneurs, Business Owners Cloud Solutions Providers, Senior Managers Security Automation Team This results in a major contention and distrust between development and security teams unless they work in tandem. DevSecOps & Devops Team Aws & Azure Professionals Just as DevOps addresses the traditional silos between Development and Operations, DevSecOps seeks to address the silos between Dev, Ops and Security teams. Automated application security further facilitates reducing friction and removing bottlenecks in the CI/CD cycle. Developers Compliance team Risk Management Professionals Security Enthusiasts

3. COURSE CONTENT Security Testing Git Attack & Best Pratice Jenkins Attack & Best Practice Case Study Shift Secure Left OWASP Proactive Controls Using Infrastructure as Code The HoneyMoon Effect SDOMM or DSOMM(Maturity Model) Day 1: Intro DevOps Culture DevOps Principles Overview of DevOps Tools DevOps CI/CD Pipelining Security & Compliance Challenges in DevOps Regulation Security Compliance Cloud Service threats Rapid releases New Technology (Microservices) Security challenges in CI/CD Case Study Injecting Security into CI/CD Hands-on Open Source Tools (npm,owasp dependency checker,retire.js) any one Static Analaysis Hands-on Open Source Tools (gitrob/trufflehog,open source static code scanner) any one Dynamic Analysis Hands-on Open Source Tools (zap Day 2: Microservice Security What is Docker? Overview of Docker Components Security Concerns with Containers Attacking Docker Containers Misconfiguration(Hands-on) Auditing Docker Containers(Hands-on) Kubernetes Attacking and Defending Remember .. you are the Centre of Security

4. COURSE CONTENT Day 3: Security Automation CaseStudy Security Policy Framework(BDD,Robot) Introduction to ansible(Iaac) Ansible overview Hands-on Security Automation Security Automation Compliance Hands-on Inspec Intro to Cloud DevSecOps (AWS, Azure) Serverless Security Examination The participants would need to undergo an online examination after the training. On successfully clearing the examination, the participant would be awarded with the DevOPs Security certificate. Remember .. you are the Centre of Security

5. Lead Trainer Lionel Faleiro, Practice Lead - Forensics Network Intelligence KK provides the vision and direction for the company and has steered it from a one-man consulting firm started in 2001 to a global cybersecurity firm with an expansive portfolio of services. A technologist at heart, he enjoys dealing with complex security problems and developing solutions to client challenges. He is a qualified PCI QSA, CISA and CISSP. Lionel is passionate about training and working in DFIR. He comes with an experience of almost 10 years in IT and Cybersecurity. He began as a SysAdmin then a Security Trainer and now leads the Forensic Practice at the firm. He has solved numerous cases during his tenure at Network Intelligence and is an avid gamer as well. Registration Link: https://forms.office.com/r/yVBB4L2UpV